How to Create a Culture of Cybersecurity at Your Company

By Neill Feather

It’s no secret that cyberattacks are on the rise, which means it’s becoming increasingly critical for small and midsize businesses (SMBs) to incorporate cybersecurity into their business strategies. Studies show that the average website is attacked 94 times per day, and that cybercriminals often target employees when attempting to infiltrate business websites.

Unfortunately, these attacks targeting employees are often successful. In fact, 54 percent of businesses that suffer data breaches identify employee error as the main cause of the breach. In many cases, this is because employees are unaware of common methods cybercriminals use to obtain sensitive company information.

To help combat cyberthreats, businesses can incorporate security awareness training and best practices into their company culture. Here are some guidelines for companies that want to implement security awareness training and improve their cybersecurity without breaking the bank.

Cover Phishing Attacks in Security Awareness Training

At least 91 percent of advanced cyberattacks start with a phishing email. For this reason, it’s essential to educate your employees on how to identify and respond to a possible phishing email. During the security training, explain the common signs: a sender address that does not match the organization the message claims to come from (often a legitimate domain with a single character changed), embedded links whose real destination differs from the text shown, an unusual sense of urgency, and spelling or grammar errors.

Also, be sure to train your employees on what to do if they receive a possible phishing email. Instruct them never to reply, click a link, or open an attachment in a suspicious message; to report it first to IT or the appropriate department (forwarding the original message or using a report button preserves the headers responders need to trace and block the sender); and only then to delete it. In addition, you can run phishing simulations to ensure employees are prepared for a real phishing attack. This involves sending mock phishing emails, which gives your employees valuable practice in identifying and reporting phishing attempts and gives you a measurable click rate and report rate to track over time.
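
The signs listed above can also be checked mechanically on the mail server or in a report-button workflow. The following Python script is an added example, not code from the original article: it flags a display name that claims the company while the address sits on another domain, a sender domain one character off a real one, a Reply-To that routes answers elsewhere, and links whose visible text names a different site than the href. The trusted domain, company name and both messages are constructed for the demonstration.

```python
"""Flag the phishing signs listed above in a raw e-mail message.

Added example, not code from the original article. TRUSTED_DOMAINS,
COMPANY_NAMES and both sample messages are constructed for the demo.
"""
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-corp.com"}   # hypothetical company domains
COMPANY_NAMES = {"example corp"}         # brand strings a forged display name may use

SAMPLE_EMAIL = b"""\
From: "Example Corp IT Helpdesk" <helpdesk@examp1e-corp.com>
Reply-To: recovery@mail-verify.xyz
Subject: Urgent: your mailbox will be suspended
Content-Type: text/html; charset=utf-8

<html><body><p>Your mailbox quota is excedeed. Verify your acount within 24 hours.</p>
<p><a href="http://login.mail-verify.xyz/reset">https://portal.example-corp.com/reset</a></p>
</body></html>
"""

CLEAN_EMAIL = b"""\
From: "Example Corp IT Helpdesk" <helpdesk@example-corp.com>
Subject: Scheduled maintenance this weekend
Content-Type: text/html; charset=utf-8

<html><body><p>The portal is down Saturday 02:00-04:00.</p>
<p><a href="https://portal.example-corp.com/status">Open the status page</a></p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(text):
    """Last two labels of the host in a URL or bare domain (no public-suffix list; demo only)."""
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def lookalike_of(domain, trusted):
    """Trusted domain that `domain` differs from by exactly one character, else None."""
    for t in trusted:
        if domain != t and len(domain) == len(t) and sum(a != b for a, b in zip(domain, t)) == 1:
            return t
    return None


def phishing_indicators(raw):
    """Return (code, detail) pairs for each sign found in an RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    sender = msg["From"].addresses[0] if msg["From"] else None
    from_domain = sender.domain.lower() if sender else ""
    if sender and from_domain not in TRUSTED_DOMAINS:
        # Display name claims the company, but the address is on another domain.
        if any(name in sender.display_name.lower() for name in COMPANY_NAMES):
            findings.append(("brand-name-mismatch",
                             f'"{sender.display_name}" sends from {from_domain}'))
        twin = lookalike_of(from_domain, TRUSTED_DOMAINS)
        if twin:
            findings.append(("lookalike-sender", f"{from_domain} is one character off {twin}"))

    # Replies silently routed to a third domain are a classic credential-harvest setup.
    if msg["Reply-To"]:
        reply_domain = msg["Reply-To"].addresses[0].domain.lower()
        if reply_domain != from_domain:
            findings.append(("reply-to-mismatch", f"replies go to {reply_domain}, not {from_domain}"))

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            # Only meaningful when the visible text itself looks like a URL or host name.
            if "." in text and " " not in text and registrable_domain(text) != registrable_domain(href):
                findings.append(("link-text-mismatch",
                                 f"text shows {registrable_domain(text)}, href goes to {registrable_domain(href)}"))
    return findings
```

Running `phishing_indicators(SAMPLE_EMAIL)` returns all four indicators for the forged message and an empty list for `CLEAN_EMAIL`. The two-label domain heuristic is deliberately simple; a production filter would use the public-suffix list and a real edit distance rather than the equal-length, one-substitution check used here.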

Enforce Strong Passwords

During your security awareness training, make sure to stress to your employees the importance of using strong passwords. Weak passwords are easily guessed, and even strong ones are routinely stolen through phishing and breaches of third-party sites, as the Ponemon Institute’s 2019 Global State of Cybersecurity report shows: an incredible 70 percent of SMBs surveyed said their employees’ passwords had been stolen in the past year.

Instruct your employees on secure password practices such as avoiding names, birthdates, and easy number combinations such as “123.” In addition, direct them to use a unique password for every account and to enable two-factor authentication wherever it is offered, so that a stolen password alone is not enough to log in. Using a unique password for each account ensures that credentials compromised from one account cannot be replayed against another (e.g., an email password being used to access a bank account).

On top of these best practices, implement a password manager for an added layer of security. A password manager generates a long, random password for each account and stores it, so nobody has to remember it; because these passwords are random and unique, they are far harder for cybercriminals to guess or crack, and a breach at one site does not expose the others.
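
The rules in this section can be enforced at the point where a password is chosen, for example in a sign-up form or a password-change handler. The Python check below is an added example, not code from the original article: it rejects a password that contains the user’s name, any common digit form of their birthdate, an ascending or descending run such as “123” or “abc”, a repeated character, or a denylisted word with digits tacked on. The minimum length and the tiny denylist are assumed policy values; a real deployment would substitute a large breached-password list.

```python
"""Check a candidate password against the rules above.

Added example, not code from the original article. MIN_LENGTH and the
tiny denylist are assumed policy values; real deployments use a large
breached-password list instead.
"""
import re
from datetime import date

MIN_LENGTH = 12                                                   # assumed policy value
COMMON_PASSWORDS = {"password", "letmein", "welcome", "qwerty"}   # constructed denylist


def birthdate_forms(iso_date):
    """Digit strings people build from a birthdate, e.g. 1986, 1204, 0412, 19860412."""
    d = date.fromisoformat(iso_date)
    y, m, dd = f"{d.year}", f"{d.month:02d}", f"{d.day:02d}"
    forms = {y, dd + m, m + dd, y + m + dd, dd + m + y, m + dd + y, dd + m + y[2:]}
    return sorted(forms, key=lambda s: (-len(s), s))   # longest match reported first


def sequential_run(pw, min_len=3):
    """First run of min_len consecutive ascending or descending chars (123, abc, 987), else None."""
    low = pw.lower()
    for i in range(len(low) - min_len + 1):
        window = low[i:i + min_len]
        if window.isdigit() or window.isalpha():
            steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}):
                return window
    return None


def password_weaknesses(pw, user_name="", birthdate=None):
    """Return the rules a password breaks; an empty list means it passed.

    birthdate is an ISO string such as "1986-04-12", or None if unknown.
    """
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # "Password1" and "password2024" are still the common password.
    if low in COMMON_PASSWORDS or re.sub(r"\d+$", "", low) in COMMON_PASSWORDS:
        problems.append("common password, with or without trailing digits")
    for token in re.split(r"[\s._-]+", user_name.lower()):
        if len(token) >= 3 and token in low:
            problems.append(f'contains name "{token}"')
    if birthdate:
        hit = next((f for f in birthdate_forms(birthdate) if f in pw), None)
        if hit:
            problems.append(f"contains birthdate digits {hit}")
    run = sequential_run(pw)
    if run:
        problems.append(f'contains sequence "{run}"')
    if re.search(r"(.)\1\1", pw):
        problems.append("repeats one character three times in a row")
    return problems
```

For example, `password_weaknesses("Alice1986!", user_name="Alice Chen", birthdate="1986-04-12")` reports three problems (too short, contains the name, contains the birth year), while a manager-generated value such as `c7#Vq!t9Lm2&pR` passes cleanly. The one rule this check cannot test is reuse of the same password on other services; that is exactly the gap a password manager closes.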

Stay Secure While Working Remotely

With thousands of business owners and employees now working from home, it’s crucial to keep your employees informed on how to stay secure when working remotely. Your cybersecurity training should also educate employees on how to maintain safe computing and online habits when working outside the office.

Given the current environment, you should teach your employees about topics such as email and instant messaging security best practices, how to protect mobile data and devices, and how to defend themselves against phishing and other cyberattacks. In addition, instruct them to use a virtual private network (VPN) on their work devices to help keep company data and communications secure when working from home. Keep in mind that a VPN only protects traffic in transit between the device and the company network; it does not stop a phishing email or protect an already compromised laptop, so it complements the other controls rather than replacing them.

Improve Cybersecurity With Fewer Resources

You may lack the budget and resources of larger organizations, which can make it more challenging to develop a strong cybersecurity strategy. However, implementing security awareness training is a cost-effective solution for helping you improve your cybersecurity.

You can develop these employee training programs yourself, or you can partner with a cybersecurity provider to conduct regular security awareness trainings. Some cybersecurity providers also offer phishing simulations to ensure employees are able to apply the skills they’ve learned. You can save time and money by choosing a provider that offers both, while receiving the most value from the training.

When businesses send simulated phishing emails to their employees once a month, research shows that the clicks on these simulated emails decrease by 27 percent over time. By implementing regular security trainings and following up with routine phishing simulations, organizations can prepare their employees to be the first line of defense against cyberattacks without adding a lot of additional expense in the process.

Cyberattacks on businesses are becoming more prevalent and sophisticated. As cybercriminals increasingly target a company’s employees, it’s imperative to ensure employees are knowledgeable about common attack methods and security best practices. Small to midsize businesses can improve their overall security posture by integrating cybersecurity awareness into their company culture without incurring major expenses.

The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.

Translated from: https://medium.com/inc./how-to-create-a-culture-of-cybersecurity-at-your-company-9469ee2d2f4c
