Secure Web Browsing - How to Remove the Headache

Data breaches have surged globally this year. By mid-year, there’s been a staggering 156% growth in the total number compared to the previous quarter, with a whopping 855 accounts worldwide being leaked every minute. Sadly, no matter your company size, industry, or geographic location, one thing is clear – these alarming statistics underscore the need for heightened cyber vigilance. Now, as we enter Cybersecurity Awareness Month this October, IT Decision Makers (ITDMs) have a perfect opportunity to raise awareness and fortify their organisation's defences.

In this blog, I'll be sharing my insights on what you can do to ensure your employees protect themselves, their data, and your organisation's network and reputation. I’ll be focusing on secure web browsing as it’s an important first step.

I've partnered with Proofpoint, as they’re a leading cybersecurity company and I believe in their brand. They’ve also produced a FREE Cybersecurity Awareness Kit I want you to know about. (It’s also available in German, French, Spanish and Italian). The kit has a campaign guide, messaging for easy communication, and a cadence for launching the campaign. They've broken it down simply and curated a selection of free learning resources - training videos, email templates, virtual backgrounds, and sharable images – all from their security awareness content library.

So, let’s begin by examining what secure web browsing is and why it matters.

Why Secure Web Browsing Matters

Secure web browsing is the process of using protective measures to ensure that your sensitive information remains private while you’re online. This includes using encryption, firewalls, and other security tools to protect your data from being intercepted or accessed by unauthorised individuals. In addition to technology, it also requires employee education, so your workforce understands the dangers and becomes an extension of your security department – effectively, a defence asset.

Secure web browsing matters for ITDMs for several reasons:

1. Protection against cyber threats: Secure web browsing acts as a vital defence mechanism against various cyber threats, such as malware infections, phishing attacks, and data breaches. By implementing secure browsing practices, ITDMs can significantly reduce the risk of unauthorised access to sensitive data and protect their organisation's assets.
2. Safeguarding sensitive information: Organisations handle vast amounts of confidential data, including customer information, financial records, and trade secrets. Secure web browsing ensures the protection of this sensitive information, preventing unauthorised individuals or entities from intercepting or accessing it.
3. Reducing financial losses: A successful cyber-attack can lead to significant financial losses for an organisation. By prioritising secure web browsing, ITDMs can minimise the chances of data breaches or ransomware attacks, avoiding the costly repercussions associated with such incidents, including financial damages, regulatory fines, and reputational harm.
4. Maintaining productivity: Cyber threats continually disrupt business operations and hinder employee productivity. Secure web browsing helps prevent malware infections that cause system outages, network downtime, and the loss of critical data. By ensuring a secure browsing environment, ITDMs can maintain productivity levels and keep the organisation running smoothly.
5. Compliance with regulations: Many industries have specific regulations and compliance requirements related to data security and privacy. Implementing secure web browsing practices helps organisations meet these regulatory obligations, avoiding penalties and legal repercussions.

Raising Awareness of Web Browsing Dangers

When it comes to web browsing, there are numerous dangers for employees to be aware of from clicking on suspicious links and shortened URLs, to prompts to run or download files and software, or using convenience features like “auto complete” and “remember me”. Then there’s the promise of free content, software, and products; and using unsecured public wi-fi networks, or weak passwords. Alternatively, reusing passwords, sharing passwords; and simply ignoring browser software updates.?

The way organisations raise security awareness varies from company to company depending on the culture of the organisation. Effective strategies include implementing comprehensive training programs, conducting simulated phishing attacks, maintaining regular communication channels, incorporating gamification elements, launching security awareness campaigns with catchy slogans and engaging visuals, as well as fostering employee champions who promote good security practices. Emphasising continuous education and providing access to resources like webinars and online courses further reinforce the importance of staying updated on security trends. Additionally, promoting secure remote work practices, establishing incident reporting channels, and ensuring leadership support creates a security culture of accountability and proactive response.

Boosting Security by Harnessing Rewards and Penalties

The approach an organisation chooses to drive security awareness ultimately depends on whether their ITDM opts for the "carrot" or "stick" approach. So, let's examine how these approaches function in promoting security awareness.

The Carrot Approach

The carrot approach focuses on providing incentives, rewards, and positive reinforcement to encourage employees to adopt secure behaviours and practices. This approach aims to create a positive and supportive environment for security awareness. Some of the best examples of the carrot approach include:

• Recognition and rewards: Acknowledge and reward employees who consistently demonstrate good security practices or report potential security risks. This can be done through public recognition, certificates, monetary rewards, or other forms of incentives.
• Training and education opportunities: Offer employees opportunities for professional development in the field of cybersecurity. Provide access to relevant training courses, certifications, workshops, or conferences. This helps employees enhance their knowledge and skills while also promoting a culture of continuous learning and improvement.
• Gamification and competitions: Introduce gamification elements into security awareness programs, such as quizzes, challenges, or competitions. Offer prizes or rewards for participation and achievement. This approach makes learning about security more engaging and enjoyable.
• Performance-based incentives: Tie security awareness and adherence to secure practices to performance evaluations or bonuses. This provides employees with a tangible incentive to prioritise security in their day-to-day work.

The Stick Approach

The stick approach focuses on implementing consequences or penalties for non-compliance or negligent behaviour regarding security policies and practices. It emphasises accountability and serves as a deterrent against security risks. Some examples of the stick approach include:

• Disciplinary actions: Enforce disciplinary measures, such as verbal warnings, written reprimands, or even termination, for employees who repeatedly violate security policies or engage in risky behaviour that puts the organisation at risk.
• Access restrictions: Limit or revoke access privileges for employees who consistently disregard security protocols or fail to follow secure browsing practices. This may involve temporarily or permanently restricting access to certain systems, data, or sensitive information.
• Mandatory training and testing: Require employees to undergo mandatory security awareness training and periodic testing to assess their knowledge and adherence to security practices. Failure to complete the training or achieve the required scores may result in penalties or restrictions.
• Policy enforcement: Enforce strict consequences for violations of security policies, such as unauthorised data sharing, downloading prohibited software, or accessing restricted websites. Consistently apply disciplinary actions to deter future non-compliance. Both approaches can be used in combination to create a comprehensive security awareness programme that balances positive reinforcement with consequences for non-compliance. An organisation’s culture, industry, and the level of security risks involved will also influence an ITDMs strategy.

Tackling Burnout, the New Pandemic

Before ending, it’s important to recognise that human error causes over 80% of cybersecurity breaches. Whilst its rise globally is good news for cybercriminals, who leverage human weaknesses to carry out their malicious activities, unfortunately, it has significant consequences for ITDMs. The increased levels of stress and burnout experienced by employees can negatively impact their ability to stay vigilant and focused on security measures.

Reportedly, the demographics most likely to suffer from stress and burnout are Gen Z, young millennials, and women. However, according to Microsoft’s most recent Work Trend Index— a global survey of workers across multiple industries — more than half of managers (53%) claim to feel burned out at work. This news is alarming and even more so when you know that cybersecurity practitioners are also burning out – possibly at higher rates than frontline healthcare workers.

As ITDMs and their teams face increasing pressure and challenges in the cybersecurity landscape, due to increasing cyberattacks, alert overload and a shortage of skilled personnel, organisations must proactively enhance their approach and tackle these issues head-on.

Building a Strong Security Culture

Although Cybersecurity Awareness Month represents an ideal time to drive change, implement best practices, and get employees interested to know more about how cybersecurity can benefit them at work and at home, the reality it’s only one layer of defence. No?single month and no single activity can create lasting change. ITDMs can only do that by having support from upper management, creating a vision and commitment to build a security culture within their organisations, running cyber awareness-raising campaigns throughout the year that capture hearts, and by continuously evaluating the effectiveness of their strategies and adapting them as needed to address new threats and technologies.

To End…

Cybersecurity Awareness Month is an important time to focus on the safety of web browsing. By understanding the common dangers and taking the necessary steps to secure your web browsing, ITDMs can protect their organisation and workforce from potential threats. Proofpoint's Cybersecurity Awareness Kit provides a comprehensive set of tools to help raise awareness and protect organisations. With the right knowledge and tools, you can ensure safer web browsing for your employees, and that your business is better protected.

Now I want to hear from you

• Tell me how you are using Cybersecurity Awareness Month to drive better security practices, including secure web browsing.
• Or, let me know what tips you have for improving secure web browsing.

Then, sign up to receive Proofpoint’s Cybersecurity Awareness Kit. ?With it, you can break the attack chain by empowering your employees to identify and stop?cyber-attacks. Their unique people-centric education provides employees with targeted learnings, so they know what to do when they’re faced with a real threat. Sign up for it now and receive:

• Content about web browsing threats and how users can defend themselves
• A broad range of security awareness videos to educate users
• Security awareness materials?to reinforce your education initiatives
• Bonus content on AI chatbot threats

Here’s the sign-up link: https://bit.ly/ProofpointJFL

Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this?#ad?for Proofpoint. Because your success is important to me, I only align myself with brands I believe in, and Proofpoint is one of them.

About Jane Frankland

Jane Frankland is an award-winning cybersecurity leader, author, and women’s change agent. Her authority is referenced by Wiki, LinkedIn (Top Voices) and UNESCO. She built her own global penetration testing firm in the late 90s, has worked as a Managing Director at Accenture, and contributed to numerous industry initiatives, including CREST, Cyber Essentials, and Women4Cyber. Through her IN Security Movement, 389 women have received scholarships, a value of $500,000. She regularly shares her thought leadership and leader-developer skills with forward -thinking companies and governments, and has been featured in the Sunday Times, The Financial Times, The Guardian, Forbes and BBC. To find out more, visit?https://jane-frankland.com