
3 Keys to a Successful Cyber Compliance Program and Eliminating a Major Source of Cyber Risk

Addressing the Human Factor of Cybersecurity

by Jonathan Bohrer
July 25, 2019
in Cybersecurity, Data Privacy, Featured

Most organizations’ security and data protection efforts are seriously lacking – particularly when it comes to the human element. Abacus Group’s Jonathan Bohrer outlines three components of a successful cyber compliance program: education, protection and monitoring.

Hardware, software, networks and protocols for cybersecurity generally perform at a near-optimal level for most enterprises. But what is lacking in holistic security and data protection is thorough education, training and monitoring of management and employees. Almost all phishing and malware breaches are attributed to human interactions on the internet.

With today’s remote workforce and frequent job changes, data transfers between arriving and departing employees pose security challenges that managers need to be better equipped to handle. Statistics show that the percentage of virus click-throughs by employees in successive phishing campaigns decreases dramatically between the first and second training and again by the third training, demonstrating that proper training is key to eliminating a huge source of cyber risk.

There are three core concepts that drive a successful cyber compliance program in an organization: education, protection and monitoring. This article illustrates the importance of each by relating them to things we experience every day outside of the workplace.

Don’t Play with Fire

As humans, there are certain things that occur in nature that we know to fear instinctively from birth. Children know instinctively to stay away from fire, water, lightning, etc. Young kids who don’t swim yet generally don’t jump into the ocean or a swimming pool. Most young children run for cover when they hear thunder and lightning.

This instinct does not apply to technology and man-made contrivances. If something blinks, lights up or clicks, small children tend to go to it without hesitation. Any parent can tell you that if you put an iPhone in front of a two-year-old, they will, without hesitation, pounce on it and start swiping and clicking with reckless abandon.

Parents try to educate their children about restraint. Likewise, managers need to teach employees how to behave safely with all the online connections at their disposal in the workplace. This education requires a set of rules to govern behavior and a set of policies driven by best practices.

Moreover, managers need to create an environment that sets employees up for success from a security “toolbox” standpoint. Just like we protect our homes with security systems and smoke alarms, there is a basic “must have” set of cybersecurity tools in our workplace IT environment that should be in place. And active monitoring of the data generated by these tools is critical to a successful compliance program. What good is a home video surveillance system if nobody ever looks at it or the alerts that it generates?

Don’t Push the Big Red Button!

With apologies to the Men in Black, we have to teach our people not to push the big red button. There are tools to do this, ranging from phishing campaigns to general cybersecurity awareness training. While these tools seem like mundane, matter-of-fact corporate “check the box” exercises, they do in fact work. We see this in the results of phishing campaigns, where the employee click-through rate in an organization declines in subsequent tests over time, sometimes by as much as 50 percent!

Arguably, one of the most important parts of a successful program for cyber compliance is creating a culture that emphasizes the importance of good cyber hygiene. This means that employees call each other out (in a friendly and professional way, of course) when they see risky behavior occurring. For example, “Hey pal, you left your screen unlocked again when you went to get coffee – the entire firm can see your trading strategy!”

Employ Industry Standard Tools; Set Firm Protocols and Policies

The list of best practice cyber appliances and related global policy settings across a firm is extremely long. An important note on policies surrounding cyber tools: People don’t like them, just as they don’t like wearing a seatbelt or searching the house for the smoke alarm that is beeping because the battery is dead, but they do these things because they keep them safe.

The same goes with cyber policy. Certainly the busy and important portfolio manager does not want to have to change his password monthly on all of his devices. But this small inconvenience is all about risk management, and it’s a small price to pay to protect against a much graver financial alternative.

Some key policies to keep updated and enforced include user access management, acceptable use and data classification. For example, does your firm have a password policy, require two-factor authentication and enforce a mobile device management (MDM) policy?

Monitor: Read and Interpret the Data

People are often shocked when they learn about some fraudulent account or unpaid creditor right at the time when they need to apply for a mortgage. Don’t be surprised if you have trouble getting credit if you don’t actively monitor your credit score.

The same logic applies to data generated by cybersecurity devices – if only this data were published in a neat, readable and interpretable format, like our credit scores! The security systems and appliances in action at most firms today are almost too numerous to list. These tools are primarily used reactively, in response to an inbound threat. If configured properly and paired with good training and good policies as mentioned above, they do a good job of keeping us safe.

There is an incredible amount of value to be gleaned from proactive use of the data available from these cyber protection tools, and it is often overlooked in organizations. The best way to take advantage of this data is to assign someone to take the time to monitor and interpret the data from these devices. This is made easier if you employ a third-party IT services vendor who provides simple and accessible reporting. The vendor should be able to provide file access reports (to ensure least privilege access), software and device inventory reports (so you can easily see which devices have access to your network) and distribution list management reports.

In conclusion, it is important for managers to remember that the powerful cyber protection tools at their disposal are only good if the workforce knows how to protect the organization while online – and avoid pushing that big red button!



Jonathan Bohrer is Chief Financial Officer at Abacus Group, a firm that specializes in IT services and cloud hosting for alternative investment firms. Jonathan oversees the firm’s financial and accounting activities, along with other administrative and operational functions including HR, real estate and legal. Prior to Abacus, Jonathan served as Managing Director of Finance at ConvergEx Group, where he was responsible for financial planning and analysis, M&A, capital planning and new product development. Jonathan began his career in a variety of management roles in operations and finance at GE and American Express. He has a B.S. in Operations Management from Syracuse University and an MBA from Penn State University.
