Help employees and executives understand that by sharing potential threats and concerns, they are all taking part in making the workplace a safer place for everyone while establishing a grassroots cyber defense that's effective against potentially severe cybersecurity issues.
Spread The Message And The Risks
For everyone in the organization to play an active role in your business' cybersecurity culture, they must understand just how critical cybersecurity is to the organization and its growth. Here are a few facts that might help you drive the point home:
Phishing emails account for 91% of cyber-attacks (someone innocently clicking on a random email or link). One study suggests that 1 out of every 131 emails contains a malware threat.
Computer virus and malware attacks grew by 145% in 2017, while data breaches increased 164%.
More than 50% of all businesses experienced a cyber attack of some form last year.
81% of breaches are the result of either stolen or weak passwords.
One IT manager purposely slowed his network to a crawl to get people's attention. When employees complained, he let it be known that all it takes is one random email to cause the whole system to be compromised. While we're not advocating this tactic, it was useful in bringing the problem to the attention of employees who interact with the company's network on a daily basis.
Formal Policies And Procedures
You likely have an Employee Handbook or Organizational Best Practices guide that outlines your organization's human resources policies and procedures. Review yours and see what it says about best practices in your area. Employees are regularly reminded about the importance of building security, such as keeping office doors closed, but these reminders often fail to address leaving computers on when people leave the office. A computer left on and unattended gives easy access to anyone who's looking to cause a problem for your organization.
It's also critical that your organization establishes a formal password policy to ensure passwords are strong and effective against a breach (i.e., using letters, numbers, and symbols). A recent study by Keeper, a password storage company, determined that 50% of people use the 25 most common passwords. In a scan of 10 million passwords that were leaked in data breaches, the most commonly used passwords included 123456, qwerty, and password.
Some companies require password changes every 30 days or even more often. While employees may complain about the practice, it's a reminder every month of how important security is and how seriously the organization takes it. Consider 2FA (two-factor authentication) when logging into an account or service. It's also a good idea to do an occasional sweep through the office and check on monitors, under calendars, and under keyboards to see whether passwords have been written down and left there.
Consider restricting employee access to systems, networks, and software they don't need as part of their job. Give them access to only what they need and use. If they need to access something for which they don't have access, make them justify the need.
Cyber Security Training And Education
According to a study by the Aberdeen Group, consistent training can change behavior and reduce cybersecurity-related threats by more than 45%. Consider making security training a part of each employee's onboarding process, with at least an annual refresher course. It's critical to the well-being of your organization that every employee knows the company's stance on cybersecurity and why it's essential.
While every business can do a great job of policing its networks and having an eye for dangerous intrusions, it can still be left open to cybersecurity-related issues. To establish an embedded and effective cybersecurity culture in your organization, all employees at every level of your organization must not only be on board but actively involved in your cybersecurity defense.