Creating a Culture of (Cyber) Security

October is National Cybersecurity Awareness Month. Many Rhode Island manufacturers may feel “spooked” about this month, as in their minds awareness = training and training = snoozefest.

Celia Paulsen of the MEP National Network™ has written about how cybersecurity awareness training can and should be approached:

“The real purpose of cybersecurity awareness and training efforts should be to create a culture of security, meaning that employees should view good cybersecurity practices as good business and as part of “how we do business here.” Employees should feel enabled to make good cybersecurity decisions and understand what makes a good decision. Awareness and training should focus on:

  • Stopping risky behavior: Help employees know what decisions can lead to a bad outcome. For example, opening email attachments from unknown sources.
  • Encouraging less risky behavior: Help employees understand and care about implementing processes that increase security. For example, how to make strong passwords.
  • Turning employees into sentinels: Help employees recognize and respond to a cybersecurity event. For example, what to do if a guest plugs an unauthorized USB drive into a machine.”

 

Read about Celia’s RAINSTORMS plan for truly effective cybersecurity awareness training in this post on the MEP’s Manufacturing Innovation Blog: https://www.nist.gov/blogs/manufacturing-innovation-blog/creating-culture-security

 
