Tammy Gilbert, Chief Information Officer and Vice President of Information Technologies at Trinity Industries, discussed how an organization can educate its employees about cyber security during her presentation at the 2014 Chief Information Security Officer (CISO) Leadership Forum in Dallas on Oct. 2. In her presentation, "What Your Board Needs to Know About Cyber Security," Gilbert pointed out that getting all employees on the same page regarding cyber security can help an organization protect its data.
According to Gilbert, approaching cyber security from a business perspective rather than a technical one can help an organization educate its employees about numerous cyber threats. If an organization identifies how to respond to cyber security incidents, Gilbert said, it can eliminate the threat of a data breach: "Most companies have some sort of incident response, but rarely does it go all the way to the board. I don’t know if yours does or not, but you need to make sure that you’re not surprising your board if there’s a major attack. You don’t want them finding out about it in the paper."
Understanding employees and finding a way to effectively deliver cyber security information to them is key, Gilbert said. An organization that devotes the necessary resources to cyber security education, Gilbert added, can ensure its employees can protect their sensitive data: "Assess your board. Understand their background. Know your audience, who you’re talking to, how to frame up what their concerns are. Gain their interest. Make sure that they understand why it’s important to them. Then feed them educational information."