Security Training & Awareness

How has this idea enhanced your club's operation, etc.?

Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks.  It aims to reduce the risk of cyber attacks and protect against the unauthorized exploitation of systems, networks and technologies. Up to date hardware, firewalls, policies and monitoring all play a part in risk mitigation, but even the most robust physical and access controls cannot protect from your employees opening or downloading dangerous content, often unknowingly.  Each month CCB email users are sent a link to a 3-5 minute video covering a new cyber security risk topic.  Ongoing, consistent training presented in short bursts with current topical risks engages employees, and keeps cyber security top of mind.  Management monitors employees progress on a dashboard and ensures all employees receive timely training.

How was this idea implemented, and what have been the club members' reactions?

The club’s insurance committee approved a cyber insurance policy two years ago, and encouraged management to take an active role in managing IT risks internally.  Management has been working with our outside IT provider, focusing first on up-to date hardware and access policies.  Next steps included user password policies and multi-factor authentication, but we soon realized that ultimately we need savvy educated employees to discern cyber risks in order to reduce the club’s risks.  Since starting the monthly videos’ employees have asked questions before they “click”  when faced with something out of their “ordinary” frame of reference.  Employees are also quicker to point out equipment failures or anything that seems to have changed to ensure it should be expected.