Featured Product
This Week in Quality Digest Live
Risk Management Features
Oliver Binz
Better internal information systems help managers tell consumer demand from inflationary pressure
Steven I. Azizi
Take these steps to protect your employees and your company
Oliver Laasch
There’s unlikely to be a point of general stability anytime soon
Gleb Tsipursky
You shouldn’t trust your gut as a decision-maker: Here’s why.
NIST
NIST examines disinfection methods that could be critical in the future if PPE supply is low

More Features

Risk Management News
ISO 21434 automotive cybersecurity and implementing design and process FMEAs
Implementing a SIOP process can smooth supply spikes while improving cash flow and increasing profitability
Does your business’ security match up with competitors?
Prior to vote, IAF seeks industry feedback to understand the level of demand from businesses and regulators.
The acquisition targets the rapidly widening gap between quality data creation and leverage
Winter 2022 release of Reliance QMS focuses on usability, mobility, and actionable insights
Designed to offer a comprehensive safety solution for fleet vehicles and workforce personnel
A cybersecurity expert lays out crucial HR practices to amplify attack readiness for modern businesses
NordLocker study discloses industries at a heightened risk of ransomware attacks, with manufacturers taking a troubling second place

More News

Quality Digest

Risk Management

Fortify Your Business: Five Practices for Stellar Cybersecurity

A cybersecurity expert lays out crucial HR practices to amplify attack readiness for modern businesses

Published: Thursday, December 23, 2021 - 13:00

(Nordlocker: Panama) -- The human element remains the weakest link in cybersecurity, as an annual report reveals that 85 percent of all data breaches are in one way or another caused by an employee. As digital technologies become essential in modern organizations, no industry is safe from cybercriminals exploiting their weak spots.

“Identifying where the risks lie is a good start,” says Oliver Noble, an expert in cybersecurity risk management at NordLocker, an encrypted cloud service provider. “But organizations also need to invest in cybersecurity awareness campaigns that address specific risks.” Below, he lays out how security-oriented work culture is put into practice at NordLocker and encourages other companies to implement a similar approach.  

Security training embedded into onboarding

First impressions matter, so emphasizing security from day one helps instill the company’s priorities. At NordLocker, newbies enroll in an interactive course that goes over the company’s policies, informs why they are important, and quizzes the participants with real-world situations. This makes cybersecurity a learning experience rather than another form to sign and forget. If internal training is not an option, your organization might want to consider hiring a third party to do it for you.

Social engineering

The use of psychological manipulation to gain access to confidential information is the most common type of cyber threat. That’s why courses on how to identify them should fill a considerable portion of your cybersecurity training regime. “At NordLocker, we have had our share of such attempts. We’ve received “friendly” LinkedIn messages asking for internal information. We’ve even seen hackers posing as the company’s senior executives and sending suspicious messages to employees,” reveals Oliver Noble.

To counter social engineering attacks, preach situational awareness and instruct employees to avoid clicking on any links in emails and downloading any file attachments unless they come from a verified source. At NordLocker, we trust that experience is the best teacher. Every year, we deploy drills, imitating phishing attacks on the entire staff—this gives us an overview of the company’s security posture. For employees, the results of such a drill could end up being an eye-opening experience. Open source tools like GoPhish are great for such simulations.

Physical security

The physical aspects of security are as important as their digital counterparts. They range from trespassing events, such as piggybacking or tailgating, to locking the workstation when not at the desk. If applicable, establish clear work-from-home/work-from-anywhere protocols, such as avoiding public Wi-Fi. Also, promote general environmental awareness when discussing work-related information. Physical threats to cybersecurity are genuine and should be considered in every course.

Secure development

On the development front, consider embedding security into the DNA of your programming operation. Investing in secure development training and checking the integrity of your code with open source tools such as Web Security Dojo will go a long way. “At Nordlocker, we have recently started deploying a security champion program,” explains Oliver Noble. “It makes sure that every team of developers has at least one person well versed in secure coding who amplifies the security message on a team level.”

Risk awareness

The last step involves providing easy ways to reach resources for learning and to report potential threats. NordLocker has special channels for alerting any suspicious activity and getting help from the risk staff. Together with a healthy company culture that promotes openness rather than secrecy, these practices could reduce cyberattacks and mitigate the damage if one should happen.

About Nordlocker

NordLocker is the world’s first end-to-end file encryption tool with a private cloud. Created by the cybersecurity experts behind NordVPN—a world renowned VPN service provider, NordLocker makes sure your files are protected from hacking, surveillance, and data collection. Available for both desktop and mobile, NordLocker supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. For more information nordlocker.com.

Discuss

About The Author

Quality Digest’s picture

Quality Digest

For 40 years Quality Digest has been the go-to source for all things quality. Our newsletter, Quality Digest, shares expert commentary and relevant industry resources to assist our readers in their quest for continuous improvement. Our website includes every column and article from the newsletter since May 2009 as well as back issues of Quality Digest magazine to August 1995. We are committed to promoting a view wherein quality is not a niche, but an integral part of every phase of manufacturing and services.