Corporate Compliance Insights

3 Keys to a Successful Cyber Compliance Program and Eliminating a Major Source of Cyber Risk

Addressing the Human Factor of Cybersecurity

by Jonathan Bohrer
July 25, 2019
in Cybersecurity, Data Privacy, Featured

Most organizations’ security and data protection efforts are seriously lacking – particularly when it comes to the human element. Abacus Group’s Jonathan Bohrer outlines three components of a successful cyber compliance program: education, protection and monitoring.

Hardware, software, networks and protocols for cybersecurity generally perform at a near-optimal level for most enterprises. But what is lacking in holistic security and data protection is thorough education, training and monitoring of management and employees. Almost all phishing and malware breaches are attributed to human interactions on the internet.

With today’s remote workforce and frequent job changes, data transfers between arriving and departing employees pose security challenges that managers need to be better equipped to handle. Statistics show that the percentage of employees who click through in successive phishing campaigns decreases dramatically between the first and second training, and again by the third, demonstrating that proper training is key to eliminating a huge source of cyber risk.

There are three core concepts that drive a successful cyber compliance program in an organization: education, protection and monitoring. This article illustrates the importance of each by relating them to things we experience every day outside of the workplace.

Don’t Play with Fire

As humans, there are certain things in nature that we know instinctively to fear from birth. Children know instinctively to stay away from fire, water, lightning, etc. Young kids who don’t swim yet generally don’t jump into the ocean or a swimming pool. Most young children run for cover when they hear thunder and lightning.

This instinct does not apply to technology and man-made contrivances. If something blinks, lights up or clicks, small children tend to go to it without hesitation. Any parent can tell you that if you put an iPhone in front of a two-year-old, they will, without hesitation, pounce on it and start swiping and clicking with reckless abandon.

Parents try to educate their children about restraint. Likewise, managers need to teach employees how to behave safely with all the online connections at their disposal in the workplace. This education requires a set of rules to govern behavior and a set of policies driven by best practices.

Moreover, managers need to create an environment that sets employees up for success from a security “toolbox” standpoint. Just like we protect our homes with security systems and smoke alarms, there is a basic “must have” set of cybersecurity tools in our workplace IT environment that should be in place. And active monitoring of the data generated by these tools is critical to a successful compliance program. What good is a home video surveillance system if nobody ever looks at it or the alerts that it generates?

Don’t Push the Big Red Button!

With apologies to the Men in Black, we have to teach our people not to push the big red button. There are tools to do this, ranging from phishing campaigns to general cybersecurity awareness training. While these tools seem like mundane, matter-of-fact corporate “check the box” exercises, they do in fact work. We see this in the results of phishing campaigns, where the employee click-through rate in an organization declines in subsequent tests over time, sometimes by as much as 50 percent!

Arguably, one of the most important parts of a successful program for cyber compliance is creating a culture that emphasizes the importance of good cyber hygiene. This means that employees call each other out (in a friendly and professional way, of course) when they see risky behavior occurring. For example, “Hey pal, you left your screen unlocked again when you went to get coffee – the entire firm can see your trading strategy!”

Employ Industry Standard Tools; Set Firm Protocols and Policies

The list of best practice cyber appliances and related global policy settings across a firm is extremely long. An important note on policies surrounding cyber tools: people don’t like them, just as they don’t like wearing a seatbelt or searching the house for the smoke alarm that is beeping because its battery is dead, but they do these things because they keep them safe.

The same goes with cyber policy. Certainly the busy and important portfolio manager does not want to have to change his password monthly on all of his devices. But this small inconvenience is all about risk management, and it’s a small price to pay to protect against a much graver financial alternative.

Some key policies to keep updated and enforced include user access management, acceptable use and data classification. For example, does your firm have a password policy, require two-factor authentication and enforce a mobile device management (MDM) policy?

Monitor: Read and Interpret the Data

People are often shocked when they learn about some fraudulent account or unpaid creditor right at the time when they need to apply for a mortgage. Don’t be surprised if you have trouble getting credit if you don’t actively monitor your credit score.

The same logic applies to data generated by cybersecurity devices – if only this data were published in a neat, readable and interpretable format, like our credit scores! The security systems and appliances in use at most firms today are almost too many to list. These tools are primarily used reactively, in response to an inbound threat. If configured properly and paired with good training and good policies as mentioned above, they do a good job of keeping us safe.

There is an incredible amount of value, often overlooked in organizations, to be gleaned from proactive use of the data available from these cyber protection tools. The best way to take advantage of this data is to assign someone to take the time to monitor and interpret the data from these devices. This is made easier if you employ a third-party IT services vendor who provides simple and accessible reporting. The vendor should be able to provide file access reports (to ensure least privilege access), software and device inventory reports (so you can easily see which devices have access to your network) and distribution list management reports.
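The file access report mentioned above is only useful if someone actually compares what was granted against what was used. The script below, an added example that is not the article's or Abacus Group's own code, shows one way to do that review: it takes a constructed permissions export (user, share, rights) and a constructed access log (date, user, share, action), both with assumed column names, and flags grants that were not exercised during the review window (candidates for revocation) and write rights that were only ever used for reading (candidates for downgrade to read-only).

```python
"""Least-privilege review over a file-access report (added example).

Assumes two CSV exports a file server or IT vendor could produce, with the
column names used below (an assumption, not a real vendor format):
  - a permissions export: user, share, rights   (rights is "r" or "rw")
  - an access log:        date, user, share, action  (action is "read"/"write")
"""
from __future__ import annotations

import csv
import io
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample permissions export.
GRANTS_CSV = """user,share,rights
alice,trading-strategy,rw
alice,hr-records,r
bob,trading-strategy,rw
bob,hr-records,rw
carol,hr-records,rw
carol,finance,r
"""

# Constructed sample access log. carol's only hr-records access predates the
# review window, so that grant should come out as unused.
ACCESS_LOG_CSV = """date,user,share,action
2019-07-01,alice,trading-strategy,write
2019-07-02,alice,trading-strategy,read
2019-07-03,bob,trading-strategy,read
2019-07-10,bob,hr-records,read
2019-06-01,carol,hr-records,write
2019-07-20,carol,finance,read
"""


@dataclass(frozen=True)
class Finding:
    user: str
    share: str
    granted: str
    issue: str  # "unused" (revoke) or "downgrade" (write right never exercised)


def parse_grants(text: str) -> list[tuple[str, str, str]]:
    """Return (user, share, rights) rows from the permissions export."""
    return [(r["user"], r["share"], r["rights"]) for r in csv.DictReader(io.StringIO(text))]


def parse_access(text: str, since: date) -> dict[tuple[str, str], set[str]]:
    """Collect the actions each (user, share) pair exercised on or after `since`."""
    used: dict[tuple[str, str], set[str]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        if date.fromisoformat(row["date"]) >= since:
            used[(row["user"], row["share"])].add(row["action"])
    return used


def review(grants_csv: str, log_csv: str, today: date, window_days: int = 30) -> list[Finding]:
    """Compare granted rights with rights actually used inside the review window."""
    since = today - timedelta(days=window_days)
    used = parse_access(log_csv, since)
    findings: list[Finding] = []
    for user, share, rights in parse_grants(grants_csv):
        actions = used.get((user, share), set())
        if not actions:
            findings.append(Finding(user, share, rights, "unused"))
        elif "w" in rights and "write" not in actions:
            findings.append(Finding(user, share, rights, "downgrade"))
    return sorted(findings, key=lambda f: (f.user, f.share))


def report(findings: list[Finding]) -> list[str]:
    """Render findings as the action items a reviewer would hand to the access owner."""
    lines = []
    for f in findings:
        if f.issue == "unused":
            lines.append(f"{f.user}: revoke '{f.share}' ({f.granted}) - not used in review window")
        else:
            lines.append(f"{f.user}: downgrade '{f.share}' to read-only - write right never exercised")
    return lines


def run_sample() -> list[Finding]:
    """Run the review over the constructed data with a 30-day window ending 2019-07-25."""
    return review(GRANTS_CSV, ACCESS_LOG_CSV, date(2019, 7, 25))


if __name__ == "__main__":
    for line in report(run_sample()):
        print(line)
```

On the constructed data this produces four findings: alice's unused read grant on hr-records and carol's stale write grant on hr-records (revoke), and bob's two write grants that were only used for reading (downgrade). The window length is the main tuning knob; a quarterly review with a 90-day window is less noisy for shares that are touched rarely but legitimately.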

In conclusion, it is important for managers to remember that the powerful cyber protection tools at their disposal are only good if the workforce knows how to protect the organization while online – and avoid pushing that big red button!


Tags: Cyber Risk, Monitoring, Training

Jonathan Bohrer is Chief Financial Officer at Abacus Group, a firm that specializes in IT services and cloud hosting for alternative investment firms. Jonathan oversees the firm’s financial and accounting activities, along with other administrative and operational functions including HR, real estate and legal. Prior to Abacus, Jonathan served as Managing Director of Finance at ConvergEx Group, where he was responsible for financial planning and analysis, M&A, capital planning and new product development. Jonathan began his career in a variety of management roles in operations and finance at GE and American Express. He has a B.S. in Operations Management from Syracuse University and an MBA from Penn State University.

© 2022 Corporate Compliance Insights