Brazen cyber attacks by organized crime rings and political groups against high-profile retail giants, powerful government agencies, and energy facilities make news. But you may be surprised to know that one of the biggest risks to the cybersecurity of most businesses isn’t the deliberate, malicious acts of outsiders, but rather the benign, everyday behaviors of employees.
Social media, BYOD, remote working, and mobile devices all make modern business networks more vulnerable to cyber attack. And while a strong cybersecurity technology infrastructure is a must in unpredictable threat environments, it won’t be effective if constantly compromised by employees who don’t understand or follow information security policies, whether intentionally or not.
That’s why motivating employees to be personally committed to cybersecurity is a core part of your security strategy. Your objective is to create and nurture a positive security culture that’s internalized by employees and reflected in their behavior, as well as influenced and supported by IT and executive leadership.
How do you build a secure culture grounded in the shared motivation of employees to protect business assets and data? Here are four ways to start.
- Emphasize trust. Create an environment where all employees have a stake in security — not just a handful of experts in security and compliance. Make the protection of critical assets an individual and team responsibility with demonstrated buy-in from the C-suite, who serve as role models. Treat a breach as a learning opportunity, in addition to justification for more monitoring. When an employee’s lack of judgment leads to a breach (e.g., opening an attachment in a phishing email or clicking a website link from an unknown source that triggers malware), ensure that everyone understands what happened, the impact, and how to avoid, report and mitigate risks when it happens again.
- Connect security to success. Encourage employees to view the protection of intellectual property, ideas and data as a strategic asset that enables your organization to innovate and maintain the trust of customers, partners and suppliers. Communicate a compelling, consistent message that resonates with your employees and shows the connection between security and organizational success.
- Create a borderless security environment. A strong security culture stretches beyond the physical boundaries of your business to influence employees’ interactions with data and assets both in and out of work. Confirm that vendors and business partners share your security mindset and comply with your protocols. Be clear and specific about security expectations and consequences for noncompliance.
- Make it easy to “do the right thing.” Virtual work arrangements, social media and smartphones are the norm. That means your organization needs to take steps to train employees to share information securely and protect sensitive information — so they’re not tempted to find unsafe workarounds that put your network at risk.
Employees Need A Safety Net
Investing in your people is a vital step to creating a strong culture of security. But even the most cyber-aware employees will make mistakes, and to provide a reliable safety net, your cybersecurity infrastructure needs to be equally strong. A managed security services provider and partner of leading cybersecurity solutions, Infogressive can help you assess whether your culture and security technology align.