How Large Companies Tackle Cyber-Security
Most large companies have cyber-security policies in place and focus on informing and training employees on security issues rather than enforcing policies.
94% of large American businesses have a cyber-security policy in place. Of these, 87% created the policy at least three years ago.
Required security software: 84%
How to back up data: 81%
How to detect scams: 79%
How to report security incidents: 78%
Requirements for regularly updating computers: 75%
Communicate policies clearly to all employees: 85%
Monitor policy compliance: 79%
Train employees to follow policies: 77%
Enforce consequences for not following policies: 66%
Companies that focus on communication, compliance and training are addressing the evolving cyber-security threat and the internal risk employees pose.
Cyber-threats evolve with the introduction of new technologies, so the most effective way to combat perennial cyber-threats is to continually update and effectively communicate policies.
Employees are a major security threat to every company. Their use of personal mobile devices and remote work are just two factors that put their company at risk.
89% of the companies surveyed allow employees to work remotely, and 74% also allow them to use personal devices for work.
To promote employees’ understanding of a company’s cyber-security policy, consider making a game based on testing how well employees follow that policy. For example, send out a simulated phishing email and see how many employees comply with company policy.
Companies should balance employee concerns with enforcing the consequences of violating cyber-security policies. 47% of respondents said their company’s cyber-security policy is strict, but 52% characterized it as moderate.
A company’s security policy must have teeth, but employees’ morale can suffer if they feel watched, so strike a balance that enables employees to do their job safely without fearing company oversight.
Protection from external threats: 35%
Fewer internal activities that put the company at risk: 26%
Compliance with industry, federal or international regulations: 21%
Peace of mind, preparedness if there is a cyber-security incident: 16%
Other: 2%