Column: Cybersecurity options help businesses stay proactive

1/1

Swipe or click to see more

ASSOCIATED PRESS

A worker is surrounded by computer monitors in the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., Wednesday, Aug. 22, 2018.

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

October is one of my favorite months as it brings fun events like Oktoberfest and Halloween. For the last 15 years, October also has had the distinction of being National Cybersecurity Awareness Month (NCSAM), and as a local cybersecurity professional, I welcome every opportunity to educate computer users about online threats and how to avoid them.

Businesses in particular should be proactive. Investing in security awareness training is a smart move for every business. Teaching your employees the cybersecurity basics greatly reduces your organization’s risk as more than 90 percent of successful computer attacks start with a phishing email. An informed workforce could save your company thousands of dollars in cyberfraud.

For most organizations, security awareness training is necessary to meet annual compliance requirements. Businesses that accept credit card payments must meet the Payment Card Industry Data Security Standard (PCI-DSS). Also, health care providers that have Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations must provide regular training to employees.

Beyond saving money and meeting compliance requirements, security awareness training can help to motivate your employees. Studies have shown that creating a culture of learning at work leads to happier, more engaged employees.

In-person training enables you to connect with your team while you learn, but if that’s not feasible for a larger, multi-site organization, a variety of computer-based training is available that’s economical and effective. Training should be followed up with regular communication, and there are many free or low-cost resources to help you. I also recommend simulating a phishing attack at least once a year because it is very effective at increasing awareness. There are service providers that can help you with this, too.

I encourage everyone to explore the many free options for cybersecurity awareness. The U.S. Department of Homeland Security, one of NCSAM’s main sponsors, offers training materials on its website at bit.ly/ 1CScvUV. DHS promotes the “STOP. THINK. CONNECT” campaign, which provides content to help launch your own training program.

Locally, organizations such as CyberHawaii aim to connect industry, government, and educational resources to promote cyber awareness. CyberHawaii — www.cyberhawaii.org — recently started a cybersecurity mentorship program that pairs some of Hawaii’s largest businesses with nonprofit organizations to encourage sharing experiences and establishing best practices for cyberhygiene and security.

Matt Freeman, director of information security at Hawaiian Telcom, leads the company’s security training program and provides training services for customers statewide. Reach him at Matthew.freeman@hawaiiantel.com.