Last updated at Thu, 31 Aug 2017 14:25:57 GMT

This Thursday, our Cyber Security Awareness Month webcast series kicks off with a look at security in the workplace:

How to Make Your Workplace Cyber-Safe

Thursday, October 8th at 11am ET/ 8am PT and 4pm BST

  • Bob Lord, CISO in Residence at Rapid7
  • Ed Adams, President and CEO at Security Innovation
  • Chris Secrest, Information Security Manager at MetaBank
  • Josh Feinblum, Vice President of Information Security at Rapid7

We won't just be targeting security practitioners, either – anyone who works in an office can benefit.

You may be thinking, “But I don't work in security, so why is that my concern?”

While it's the duty of security and IT to mitigate risk and ensure that the security program adheres to industry best practices, it's in everyone's best interest to ensure that your workplace is cyber-safe. Breaches pose a threat not just to customer information but also PII of employees and partners, not to mention create service outages that strain the entire organization and cause reputational/brand damage with long-lasting effects.

The best way to prevent that scenario is to create a security-centric culture to which everyone feels they can contribute. This prevents the that's-not-my-job mentality that can torpedo even a strong security program. Human error is the mostly frequently seen security incident pattern, according to the 2015 Verizon Data Breach Investigations Report, and so mitigating user risk in the workplace is a highly effective means of bolstering security across the business.

During the webcast, three panelists will join me for a discussion on how to make a workplace cyber-safe by creating a security-centric culture. Our moderator, Bob Lord, has some excellent ideas about starting with the breach and working backwards to determine how far an attacker can get. For example – if a laptop gets lost or stolen, what's the severity? Has the hard drive been encrypted? Similarly, assume a user gets phished. What does the kill chain look like in that scenario?

Some of the other topics we'll cover include:

  • Characteristics of an effective security awareness program: How to make sure that everyone understands risk, and the way in which their footprint impacts the business.
  • Managing passwords and devices: What happens when employees lose a device that's storing company information? We'll touch on encryption and also general password hygiene.
  • Common threats targeted at users: Social engineering and phishing are common and effective mechanisms for infiltrating a network. Workers need to realize that things have gotten way more sophisticated than a Nigerian prince asking for money.