CIR BC Strategies for People
This article discusses the various mitigation and recovery strategy for the people aspect of managing a cybersecurity incident. The strategies include:
- Employee Management
- Education
- Creating Awareness
1. People: Employee Management
An organization should not doubt its employees. However, while the employees may be well-trained, there is still the possibility of human error, so it is safer and more reliable to use technology as the last line of defence.
The software can be installed to monitor employees’ behaviour/actions and evaluate their underdeveloped security practices. Any suspicious/malicious activities can be picked up so the organization can contain the cyber security attack before the damages suffered are too great.
However, employees should not be the scapegoat (Nather, 2017) when cyber security attacks on the organization are successful.
For most organizations, continuity in providing quality products/services to customers is the top priority. Security is negligible or a small point of consideration for them. These organizations do not factor security into their daily operations, creating multiple attack vectors for cyber criminals to exploit.
Therefore, there is an increased importance for the following strategy.
2. People: Education
Educating employees is one of the best prevention strategies. Employees create and utilize data regularly; hence the responsibility of protecting and securing their data lies with the employees.
Firstly, the organization has to eliminate the misconception that the current security controls protect all infrastructures.
Believing that the organization is well protected promotes reckless behaviour/actions from the employees. Secondly, training sessions should be conducted for employees regularly.
Training new employees ensure they are capable (Murray, 2017) of preventing and responding to cybersecurity incidents effectively. At the same time, the training sessions act as refresher courses for existing employees. Lastly, the organization must spread awareness of cyber security incidents that threaten the organization.
Through spreading awareness among the employees, they know the dos and don’ts during daily security activities. This can be combined with documentation of procedures that employees can execute in preventing, detecting, and responding to cybersecurity incidents.
3. People: Creating Awareness
The internet and mobile devices are used daily; most organizations believe they are safe, but cyber security attacks are occurring daily too, and the attacks are not significant enough to be reported.
As the dependence on IT infrastructures and cyberspace increases, disruptions affect the public and organizations, which can be life-threatening in certain situations. Although dealing with cyber security threats is an important topic, it isn't easy to convey the message (de Bruijn & Janssen, 2017) to the audience.
The lack of detailed analysis on how cyber security, a complex societal problem, can be communicated in an understandable and difficult-to-challenge way through message framing.
Message framing because, concerning cyber security, it is difficult to pinpoint a victim and criminal. Without a purpose for cyber security, the desired attention and sense of urgency are absent, leaving systems unprotected or simply delegating the protection duties to software. To convey the importance of cyber security, there are several techniques:
- Collect evidence to support the message, making it more credible;
- Over-intensify the topic of cyber security is ill-advised;
- Identify criminals clearly;
- Put the spotlight on the security controls that handle the criminals;
- Personalize the message to match the interests of an audience; and
- Link cyber security with relevant concepts such as the economy.
Component of Prevention/ Mitigation CIR BC Strategies
Do You Want to Continue BCM Training onsite or online?
![[BL-3-Catalog] What Specialist Level Blended Learning Courses that are Available?](https://no-cache.hubspot.com/cta/default/3893111/4b22a53c-6e3e-4b9e-8c2a-888423f1d26c.png)
![[BL-5-Catalog] What Expert Level Blended Learning Courses that are Available?](https://no-cache.hubspot.com/cta/default/3893111/fe175db3-7f57-4636-bf09-e9a836aa5478.png)
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 7 Developing Mitigation and Response Strategies 7.12 People
Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.
