Taking Your Organization’s Cybersecurity Practices to 11
Employee training needs to be central to any company’s cybersecurity plan, and Alison DeNisco of TechRepublic recently posted a great list of 10 tips to improve your staff’s practices and make your data more secure. It covers several practices that aren’t stressed often enough, like appointing cybersecurity advocates within individual company departments, communicating the importance of good security practices at employees’ homes, and starting everything early (in the onboarding process, if at all possible).
I’d like to take things one step further. Companies that want to take their cybersecurity practices “to 11” should consider creating an internal cybersecurity certification program. Employees who take the course will become cybersecurity subject-matter experts regardless of their existing specialties, and the demand is likely to be high: The marketability of cybersecurity certifications is on the rise, and they can be taken into account at bonus time.
Here are three things to keep in mind when putting your certification together:
Give staff a reason to get certified.
Make sure your employees know you value their participation in the program. Reward those who earn a certification with a boost in pay or a one-time reward, like a bonus or travel voucher.
Open it to everyone.
The need for good cybersecurity practices is quickly becoming universal, so communicate across departments when launching your certification. Doing so will benefit even those employees who don’t participate in the program (they’ll begin to understand the importance you’re placing on security up and down the organization).
Build on industry-standard certifications.
Don’t reinvent the wheel: When putting your program together, use elements of existing security certifications, like (ISC)²’s CISSP or ISACA’s CISM. It will speed the process and make your certification attractive to employees who are already looking to improve their skills.
Organizations that build a program like this will protect their systems, data, and lines of business, but they’ll also enhance what is ultimately their most valuable resource: people.