getty
An organization’s first line of cyber defense is its team members, and one essential role they play is keeping up with software and security updates on company-issued devices. With the demands of their day-to-day work, it can be all too easy for team members to fall behind on this important task—which leaves not only their devices but the entire company’s digital assets vulnerable.
Educating team members on what’s at stake can make a difference, but only if the information is presented in an understandable, persuasive fashion and is backed up by other practical defensive protocols. Below, the industry experts of Forbes Technology Council share effective ways to ensure your companywide team understands the importance of software updates and applies them in a timely manner.
1. Share Examples Of Failures And Successes
Creating a culture of security starts at the top. Emphasize how important it is to stay up to date with infosec software. Share examples of businesses that have failed to do so, and show what success can look like when everyone stays secure. - Eva Pittas, Laika
2. Make It Fun And Rewarding
Gamification combined with education works wonders to spur fast, widespread updating. Provide clear directions and set expectations on what team members will experience. Enter people into a raffle for applying OS updates. Handing out gift cards is an inexpensive way to achieve a big upside in terms of both reduced risk and happy employees. Most importantly, remember that shame doesn’t work—it can drive employees away. - Dave Merkel, Expel
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
3. Start At The Top, But Make It A Team Effort
It’s critical to shape a culture of cyber safety that’s driven by the executive team, who should make cybersecurity an organizational responsibility. At every opportunity—in all-hands meetings, staff meetings and so on—leaders must highlight its importance. IT also needs to collaborate with the communications team to spread the importance of security: training, cyber council meetings and more are valuable drivers. - Satya Jayadev, Skyworks Solutions, Inc.
4. Consider The Benefits Of A Software As A Service Solution
One of the benefits of a SaaS-based cybersecurity solution is that it often handles updates automatically. Automation and ease of use are key in getting team members to adopt any system or upgrade. Automated security features, such as one-click compliance for regulations including HIPAA, PCI and GDPR, will take a portion of the burden of compliance out of the user’s hands. - Rom Hendler, Trustifi
5. Teach Methods For Home Cybersecurity
Show your employees how to secure their home lives. Do this well, and it will eventually become second nature to them at home, and that will eventually transfer into the workplace. Bonus point: The result is often a symbiotic relationship between cybersecurity and the rest of the organization. - Jerich Beason, Epiq
6. Focus On Awareness, Automation And Administration
Follow the “AAA Formula”: awareness, automation and administration. Spreading awareness by educating teams about what to expect and how to act in uncertain situations can boost preparedness. Employing automation in cybersecurity protocols for updates, alerts, access control and lockdowns adds another layer of protection. Finally, the administration of vulnerabilities, trends and behaviors reduces risk and stress for the workforce. - Prasanna Singaraju, Qentelli
7. Employ Remote Software Management
Many companies maintain their corporate assets, such as PCs, tablets and phones, via remote software management. Remote software management assures compliance and verification by “pushing” the latest software versions, patches and security products out to remote devices. These tools also aid with the removal (cleansing) of products and sensitive information when an employee leaves the company. - Steve Richmond, Projetech
8. Make Compliance As Easy As Possible
Simply put, make it easy for your team. Educate them on why keeping up with upgrades is important and how to do it—both at work and at home. For work computers, deploy patches proactively and/or let the team know when the patches will be deployed. Remember that we are all human and people will make mistakes, so ensure you have the right type of endpoint protection, monitoring and response software on any company-owned equipment. - Lewie Dunsworth, Nuspire
9. Minimize The Number of Maintenance Tasks Team Members Must Do
Think “less is more.” Be realistic about what you expect from (and ask of) team members. Whatever you do, don’t give them more to do. Instead, automate the update process to the extent you can, or simply centralize your apps in the cloud. When maintenance tasks are minimal rather than burdensome, they’re vastly more likely to get done. - Adam Stern, Infinitely Virtual
10. Find Out Why People Procrastinate
It’s easy to push out software updates. Find out what’s causing the procrastination: Is it fear of not recovering 150 open browser tabs, losing a local dev environment or just unsaved documents? Are there tweaks that can be applied to make a fresh reboot less tedious? Once that is out in the open, start measuring and reporting group-level “freshness” in your interactive all-hands meetings. - Bill Mann, Styra, Inc.
11. Leverage Tools From Software Providers
One practical way to update software companywide is to push updates to devices automatically. Microsoft, Adobe, Apple and other providers have tools that IT administrators can use to force updates as they are released or determine which updates team members will receive. Administrators can also manage Web browser versions and encryption protocols. - Warith Niallah, FTC Publications Inc
12. Share ‘Personalized’ Information
Team members should be informed about the types of cyberattacks that could affect their personal workflows. For example, employees in finance should be aware of cyberattacks that could affect their department’s operations, such as phishing or malware attacks, while employees in R&D should be aware of cyberattacks that could affect their department’s workflows, such as exploiting vulnerabilities in software. - John Giordani, NCHENG LLP
13. Establish A Central Update Manager
Proactive communication is very important if you want to have team members update their software when security updates are released. Having a central update manager that pushes notifications to employees and agents on employees’ devices that receive the notifications is a practical way to automate the pushing and application of updates to remote employees’ devices via the internet. - Bhagvan Kommadi, Quantica Computacao
14. Partake In Biannual Or Quarterly Refreshers
It’s critically important that organizations issue a companywide cybersecurity protocol that every employee takes part in. Further, organizations must partake in biannual or quarterly companywide cybersecurity policy refreshers to ensure they are up to date and prepared should a cybersecurity event take place. - Marc Fischer, Dogtown Media LLC
15. Block Access When Users Haven’t Updated
Block or control access until the system is updated. While continuous delivery and push updates work effectively, a company should take no risks and should instead control the access to systems by users who haven’t updated to the latest approved version of the software. The loss of an individual’s productivity when they’re blocked from access is outweighed by the risk of this individual spreading malware or becoming a vulnerability. - Spiros Liolis, Micro Focus
16. Share Easily Digestible Information When It’s Relevant
Security awareness has to be a part of users’ normal work environment. Break knowledge into small, consumable chunks. Present bits of information when they are relevant and helpful and not a distraction. And remember, a user’s mistake should never be the reason for attackers to be successful. Recognize the role users play in securing your data, and build defense in depth with layers of controls. - Ilia Sotnikov, Netwrix
