Turn Workers Into Security Partners

Rather than just protect employees or protect against them, security managers should rely on users to help defend the business

When the Here You Have worm started spreading last week, Intel had only a small number of its computers infected.
The companys traditional defenses definitely helped, but a critical advantage was its well-trained employees, says Malcolm Harkins, Intels chief information security officer. When workers saw
the worm
and recognized it as a threat, they immediately started calling the IT team.
The employee base saw it, they reacted really quickly, and helped us contain it by alerting us to it and then telling others not to click on it, Harkins says.
With the ubiquity of mobile devices and the ability to do work anywhere, companies need to change their mindset toward their employees and treat them as security partners. Recent research has found that employees are
increasingly bringing personal devices
, such as smartphones, into work or using personal Web services, such as social networks, at work.
Attempting to block workers from accessing potentially dangerous technologies does not work, says Ted Schadler, a vice president and principal analyst at Forrester Research. In their new book, Empowered, Schadler and co-author Josh Bernoff argue that managers need to help employees use todays innovative technologies to help companies thrive.
If you are too obstructive, workers will just do an end-run around you, says Schadler.
Many companies have treated workers as a flock to protect or as wolves to protect against, not as the shepherds they could be. For security managers, that means teaching employees not just how to avoid threats, but to help protect the company against them.
We rethought our security strategy and, you know what, people are the new perimeter, Intels Harkins says. So if you embrace that part of that perimeter, I think your monitoring and detection increases dramatically, which then gives you a much better response time to mitigate exposures.
While companies should continue to deploy data protection technology and monitor logs to detect potential data leaks, recruiting employees through training can provide a contingent of additional security help, he says.
Moreover, the security team itself can use innovative technologies to help its mission. For example, Intels security teams use occasional Web jams internally -- collaborative sessions with team members and employees to build awareness for security and corporate policies. The social networking helps the security team connect more closely with employees, Harkins says.
People want to have debate and discussion, he says. We see it as a channel to leverage to get people to understand this risk issues.
Finally, allow employees to make mistakes and own up to them, Harkins and Schadler say. Taking responsibility is part of empowering the employee to help security, rather than hindering it.
Mistakes sometimes happen, Harkins says. Dont overreact to mistakes. Use it as a learning experience for the employee, and it can be a learning experience for the security people as well.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Turn Workers Into Security Partners