It’s a Team Effort: Developing a Culture of Cybersecurity in the Workplace
Oct 7, 2015
Cyber threats today are evolving and becoming more sophisticated, making it critical for organizations to educate employees on cyber best practices, implement those practices and encourage employees to follow them. A recent RAND Corporation report, sponsored by Juniper Networks, projected that the cost to businesses of managing cybersecurity risk is set to increase 38 percent over the next 10 years. This shows that it is now time for organizations to take an active, collective risk management approach to cybersecurity. That requires more than general awareness of the cause: businesses and employees need a clear understanding that cyber hacks can happen to anyone at any time, and that it’s critical to implement efforts that proactively protect personal data as well as business assets. Doing so requires investing the time and effort necessary to improve the cyber behaviors that may put you and your company at risk.
Hacker activity today has become so sophisticated that the majority of targets do not realize that they are being phished until after data has been compromised. Currently, some businesses are receiving targeted phishing attacks as a consequence of security breaches, which can disclose valuable data and email addresses. This is why it is important for organizations to educate their employees on the warning signs to look for and to encourage them to report suspicious activity. This is especially true as businesses become more vulnerable, largely due to the Internet of Things (IoT), increased social media use, a growing number of telecommuters and employees working from multiple devices, and global business travelers connecting to public WiFi.
The Challenging Task at Hand
As difficult as it may be to get employees to put their daily tasks on hold to learn about cyber best practices, the benefit outweighs the time spent. There are also ways to incorporate lessons within daily activities, which can have a stronger impact because employees learn by example. The time invested in learning about proper cyber activity and potential red flags is also worthwhile because it is less time away from work than an actual data breach, which could disrupt business operations for a lengthy amount of time.
The lines between our personal and professional lives continue to blur due to the use of multiple devices. This not only enables extended workdays and an always-on, always-connected culture, it also puts organizations at more risk of phishing messages getting through deployed security solutions. Therefore, it is more important than ever to reinforce the importance of employees looking out for and recognizing the signs of suspicious activity and following best cyber practices when faced with a threat. This includes always confirming URLs match the text before you click and changing passwords regularly on each device. It is critical to impress upon employees not to use the same password on multiple systems and, if they do suspect that they have been phished, to take immediate action to change passwords as quickly as possible.
Enforce Training and Education
These practices and increased knowledge of cybersecurity can be implemented through focused training that’s intended to modify behaviors as well as give employees the awareness and skills they need to participate in defending the company and personal assets. Additionally, understanding how to identify phishing e-mails, what to do if you have identified a phishing e-mail and the steps to take at work and at home to improve your cybersecurity protection is important for anyone who uses the internet.
Cybersecurity must become a priority for every business and every industry. Security technologies are wonderful tools, but they are not enough without a culture of accountability. Companies rely on diligent employees to become more proactive about preventative measures to effectively protect their most vital assets as well as confidential employee, company and customer data. We need to encourage employees to arm themselves with the knowledge to make this difference. There is no one tool that can stop phishing attacks 100 percent of the time, and some experts say that as many as 95 percent of all attacks on enterprise networks are the result of successful phishing. Therefore, we must strengthen our human firewall to help us defend against these attacks.