CyberWyoming note: In collaboration with the Identity Defined Security Alliance, CyberWyoming is releasing a four-part series of blogs on Identity Management for Identity Management Day on April 11, 2023.
Day 2 – What Is a Culture of Security? An Example https://cyberwyoming.org/day-2-what-is-a-culture-of-security-an-example/
Day 3 – How Small Companies in Wyoming Can Create a Culture of Security https://cyberwyoming.org/day-3-how-small-companies-in-wyoming-can-create-a-culture-of-security/
Day 4 – Don’t Wait for a Security Crisis to Start Building a Security Culture and Relationships in Tech! https://cyberwyoming.org/day-4-dont-wait-for-a-security-crisis-to-start-building-a-security-culture-and-relationships/
What is Identity Management?
“Identity management is about small business culture and not as much about tech. You can add all the tech in the world, and someone can still make a mistake and give out their user credentials or click on the wrong thing. So, it is important to build that culture of security,” said Laura Baker, Executive Director for CyberWyoming.
Identity management is ensuring that the employees in your organization know how to manage their user IDs and passwords as well as sensitive employee and customer information. Wyoming’s State Statute 6-3-901 definition of personally identifiable information is basically your name and one other piece of information. So, your name and address, for instance should be protected by any business that has it.
Identity Management – are your employees taking it seriously?
You may think your fellow employees take identity management seriously, but have you asked? In 2021 and 2022, the National Cybersecurity Alliance published annual reports of a studies on the behaviors and attitudes that impact cybersecurity. The 2021 study reported that 40% of participants feel that they are the least responsible for protecting company online information despite humans being one of the most critical components of cyber resilience and risk reduction. Instead, employees feel that the responsibility is with the government, their company, or the IT department, but not with them.
“This means that 40% of your employees don’t feel it is their responsibility to protect company or customer data,” said Baker. “Focusing on culture, discussing scams, and rewarding secure behaviors is the way to manage this risk,” continued Baker.
Some employees see the need for strong security when they are told that many data breaches start from an employee’s actions, but not everyone takes it seriously. Employees continue to open a phishing email, fail to update the software on their phone that is connected to their company’s network, do not create strong passwords, or don’t log out of their computer when they leave their desk.
In 2021 and 2022, the National Cybersecurity Alliance published annual reports of studies on the behaviors and attitudes that impact cybersecurity. The studies aim to illuminate one of the most important aspects of cyber risk: the human factor, and it was conducted through a survey of two thousand people in the U.S. and U.K.
The 2022 report is available here https://staysafeonline.org/resources/oh-behave/.
The studies focus on the following core cybersecurity behaviors: passwords, multi-factor authentication (MFA), installing updates, checking that an email is legitimate, recognizing and reporting phishing, and backing up data.
Change Company Culture – Wyoming’s Cybersecurity Competition for Small Business
In its sixth year, Wyoming’s Cybersecurity Competition for Small Business is one-on-one, on-the-job, human focused security training that starts with the company’s mission statement and ends with security policy writing. Wyoming business leaders meet their security goals and have increased confidence with the subject, better relationships to support their security efforts, and improved products and services as a result of completing the program.
Registration continues through May 1. Winners receive cash prizes and a speaking engagement at the annual cybersecurity conference. https://cyberwyoming.org/competition to register.