Fortifying Organizational Security- Identifying Causes and Solutions
The article “Lack of Awareness, Poor Security Practices Pose Cyber Risks” by Kathy Gurchiek lists a number of the causes of inadequate security procedures in businesses. Below are the three main causes based on my experiences and the article’s insights, along with recommendations for how to fix them.
ABSENCE OF THOROUGH CYBERSECURITY TRAINING
One of the primary causes of poor security procedures is employees’ inadequate cybersecurity training. Even after receiving earlier training, employees would still provide incorrect answers to cybersecurity questions, according to the article (Gurchiek). In order to effectively combat this issue, organizations should consider implementing comprehensive, long-term cybersecurity training programs rather than just one transactional activity that aims to inform employees about new threats. Interactive modules, phishing attack simulations, and real-world case studies, among other things, can be used to increase employee engagement and understanding.
LACK OF EMPLOYEE OWNERSHIP AND ENGAGEMENT
Employees may not pay attention to security awareness training, or they may think it is someone else’s job. They could believe that the IT department should be the only one responsible for online safety. Thus, businesses must encourage a culture of shared accountability where people understand that everyone is accountable for cyber security to address this issue (McEvoy and Kowalski). This can be accomplished by involving staff members in campaigns like reporting suspicious activity or making recommendations. Providing employees with more incentives to participate in these initiatives can help raise employee engagement.
INADEQUATE RESOURCES AND BUDGETARY RESTRICTIONS
Many organizations struggle with the resource and budgetary constraints that come with cybersecurity. This frequently leads to obsolete security systems and a lack of funding for cutting-edge technology used in digital defence systems. This issue can be addressed by allocating more funds for cybersecurity measures to the point where they are integrated into regular business operations (Gurchiek). Risk management techniques should be prioritized in a way that minimizes vulnerability in the face of budgetary constraints, maximizing effectiveness through appropriate identification of vulnerabilities and stressing the financial costs associated with internal organization breaches.
Works Cited
Gurchiek, Kathy. “Lack of Awareness, Poor Security Practices Pose Cyber Risks.” SHRM, 7 July 2021, www.shrm.org/resourcesandtools/hr-topics/technology/pages/lack-of-awareness-poor-security-practices-pose-cyber-risks.aspx.
McEvoy, Thomas Richard, and Stewart Kowalski. “Deriving Cyber Security Risks from Human and Organizational Factors – a Socio-technical Approach.” Complex Systems Informatics and Modeling Quarterly, no. 18, Apr. 2019, pp. 47–64. https://doi.org/10.7250/csimq.2019-18.03.
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question
Access and read the article “Lack of Awareness, Poor Security Practices Pose Cyber Risks ” by Kathy Gurchiek on the Strategic Human Resource Management (SHRM) web site.
From your own experiences and the information in Ms. Gurchiek’s article, name
three causes for poor security practices in organizations and suggest how they could be resolved.
Your discussion posting in each lesson has two parts, each of which is scored separately but in one point total.
1. Your main discussion posting is a response to the question or request made by the discussion description. Your response must be at least 75 words in
length, not including any quoted or
sourced content, such as a cut-and-paste