Employee Reporting

This video explains the importance of having structures in place for employees to report questions or incidents of suspicious activity.
In this video, we’re going over employee reporting. While it’s important to have a good training for our employees, it’s also important to have an effective way for them to communicate issues and questions that they run into. We should encourage our users to report any suspicious activities or questions that they might have. Now, of course, this can end up being a double-edged sword. On one hand, our users tend to be on the front lines, and can quickly report suspicious activities to us quickly, and also in greater numbers. After all, our employees tend to outnumber our security staff and our IT staff.
Now, on the other hand, users may report false positives - redundant issues, bombard us with questions, and the influx of information may be overwhelming to us. If we can make report - if we also make reporting a chore or confusing, they may not report anything at all, which is going to be just as bad. So when it comes to reporting, we should be taking a few things into consideration. We want to help train our users on what we’d like them to keep an eye out for. We create a FAQ and offer it. The FAQ can help cut down irrelevant information or bad intelligence. This also may take some time to develop and may be developed over time.
Now, of course, we could take what we already know, the questions that we’d already be getting, and put into a FAQ, but the FAQ needs to be quickly accessible and easy to use. Now, if we have a 23-page HTML document or Word document, almost no one is ever going to go through that document to find what they need to find. However, if we make a FAQ with a search bar, or some commonly asked questions in the FAQ, or even a chat bot - you could set up a very easy chat bot for free - and that could be a great way for people to find whatever information they’re looking for. They type in, “What do I do with this?” And the chat bot will come back with whatever response it is.
Now, of course, as we start getting more and more information, start dealing with more issues, of course, this is going to evolve, and our FAQ needs to evolve with it. Having an out-of-date FAQ, people are going to also be less likely to use it. Now, on the reporting side, we want to make it easy. Making reporting easy for a user is going to be essential. We also want to consider offering an anonymous reporting option for people either embarrassed to report something or if they’re reporting someone else that’s potentially doing something suspicious.
Now, I bring this up, because users, if it’s something embarrassing, an embarrassing question to them, they may not want to report it or ask under their own name. Because, again, it’s going to be embarrassing. People, generally, don’t like to be embarrassed. They don’t like feeling stupid, and they’re going to be less likely to ask that question. And if they don’t ask that question, it’s just going to leave that much of a bigger security hole.
Likewise, if someone wants to report someone or needs to report someone that they suspect of doing wrongdoing, if they have to use their own name, they might be less likely to report it, because they’re going to worry about repercussions - repercussions from either management or repercussions from that particular employee that they’re reporting. Now, with that said, we also want to offer a safe reporting method. That’s going to be essential. It’s advisable not to punish or otherwise demean people who reported an issue or don’t report an issue, for that matter.
Now, if someone reports to us, OK, I clicked this phishing email, and I feel really bad, but I didn’t want to bring it up to you guys - and you say, you idiot. Why did you click that phishing email? It’s clearly a phishing email. Why would you ever do this? Or on the other side, someone reports the phishing email, you say, OK, great. Thanks for reporting it. That’s going to go on your permanent record and your evaluation report. Threatening people, punishing people, demeaning people just means that they’re going to be less likely ever to report an issue ever again. And if people don’t report issues, that’s bad also.
But instead of punishing them, which is going to really reinforce never reporting anything ever again and just do a better job hiding it, we want to keep it open. And say, OK, well, yeah, you shouldn’t have clicked that email, but, OK, here’s what we’re going to do. We want to help you get better. We want to train you a little bit. You’re going to need a little bit more training. It’s not going to go on your permanent record as something negative. We just want to help you learn and so this doesn’t happen again. It’s for your protection, and it’s for our protection. Keeping that open, keeping that relationship on a good basis, is going to be essential.
Because you keep your employees feeling better about things, you feel better, and they’re going to report. They’re going to be more likely to report things that come up. Now, assigning a person to handle the reporting is going to help things run smoother. Versus, if you have just a generic area where all this is being dumped, someone checks it maybe once a week, well, that could be a problem. Because if there’s a spear phishing campaign, it hits your network, that campaign may have hit your network, and wrapped up, and left, and they cleared the tracks before you even knew it.
So having someone actually assigned to help facilitate and handle that can help things run smoother and keep things running quicker and more agile. Now, of course, depending how big your organisation is, how many reports you get in, having, say, a security team of three people and an employee base of 10,000 people, you’re probably not going to handle all those requests. So you may consider outsourcing that. Now, in wrapping up, users are on the front line. Training your users can make a big impact on your security. Making reporting easier and non-threatening is also going to be important. Allow a mechanism for people to report issues safely and easily. And, of course, training is going to be key.
By having a good training system and communication, you can cut down the false positive reporting. Thank you for watching. I’ll see you in the next video.

In this video you will learn about the importance of having structures in place for employees to report questions or incidents of suspicious activity.

The goal of network security is to prevent attacks, and to identify any attacks that do occur as quickly as possible. Employees can be targeted to breach your network in numerous ways. We have already discussed the importance of educating employees about these possible attacks. In this video we discuss the importance of having processes in place so employees can report possible attacks. This helps to ensure that appropriate measures are taken to prevent the attack from being successful or to mitigate any damages.

Reflect and share: To what degree does the concern about false reporting by employees affect your decision in setting up reporting structures for possible network attacks? Share your comments in the section below.

This article is from the free online course Advanced Cyber Security Training: Network Security, created by FutureLearn.