Security teams can’t protect what they can’t see. While monitoring tools are getting better, end users and business managers need to tell IT and security teams what they’re doing with data on different applications, and more importantly, when something has gone awry.
A culture of blame and fear when it comes to security means end users won’t tell you if they are using an unsanctioned app, have clicked on a malicious link or have seen unusual activity until it’s too late. Security teams should empower users with a culture of personal responsibility so that they treat data security in the same way they approach other company policies like health and safety.
A blame culture encourages poor security
Seeing humans as a weak link and creating an environment where employees fear reprisal for security failures isn’t a good way to run a company. Yet some organizations have taken extreme measures to punish victims of scams. A media firm in Scotland fired and sued one of its staff after she fell for a phishing scam and handed over almost £200,000 [$250,000] to fraudsters who impersonated the company’s managing director and requested that a payment be made. Brian Krebs recently…