Big business. Big bucks to spend on sparkly, high-end IT gadgets and personnel. And the more dazzling the technology and degreed the staff, the better the cyber security. Right? Not exactly. The latest and greatest technologies can actually complicate risk and don’t address all potential threats – like uninformed employees. Comprehensive cyber protection requires an enterprise-wide cyber security culture that goes beyond biometric bells and white-collar whistles.
Management and staff alike must realize that cyber weaknesses lie within the human element, as well as technology. The most robust virus protection cannot stop the employee who leaves his non-password-protected tablet, containing unencrypted company data, behind at the coffee shop. Nor can a worker be responsible if a criminal lifts his fingerprints from the building entrance to gain access to the office and its computers. An organization needs to construct a trifecta of cyber-literate staff, preventative processes, and appropriate technologies that culminate in a full-blown cyber security culture.
Here are a few stats to help drive home why IT and technology alone aren’t enough:
- 35% of employees report that they store their passwords on their mobile phones [1]
- Stolen or weak passwords have led to 81% of data breaches [5]
- 2,124 data breaches in the U.K. were due to human error [2]
- 77% of employees haven’t received instructions for bring-your-own-device (BYOD) risks [4]
- Antivirus software didn’t stop ransomware attacks on more than 300,000 computers in 150 countries in 2017 [7]
- 5.6 million fingerprints were stolen when the Office of Personnel Management was hacked [3]
- Thieves have fooled biometric authentication devices with fingerprints in Gummi Bears and close-up facial photos [6]
So how does an organization go about building a cyber-aware culture? Here are some suggestions:
Create Your Cyber Security Culture
- Understand Cyber Risks are Business Risks
Again, cyber security isn’t simply about IT keeping company computers safe from pesky viruses. Cyber security is business security. In today’s business world, a breach can mean substantial loss of revenue, clients, customers, and reputation. Merck, a mammoth American pharmaceutical company, lost nearly $1 billion in sales, production, marketing, and recovery costs over the course of a year from a single malware attack.
- Work from the Top Down
Cultivating a cyber-aware culture is not a change that can happen overnight. It’s a gradual, yet deliberate shift – slow and steady wins the race. But it must begin at the top. Without efforts from energized leadership, there’s little motivation for movement. You must help your personnel understand how their actions contribute to cyber risks, and how that threatens the business, their jobs, and even their own privacy.
- Deliver More than Annual Training Classes
One cyber security class every 12 months won’t create a security-minded employee. In 2 months, most of what was taught will have faded into the daily grind. Security is perpetual and so should it be in the minds of your staff. Additionally, hackers’ techniques and MOs are evolving at alarming speeds. To keep ahead of the bad actors, you and your staff must be aware of the most current schemes. To accomplish both points, conduct frequent and multifaceted cyber-awareness training. And keep it fresh and fun. Such as…
- Put Them to the Test
Get employees involved in cyber security testing. Turn it into a game: conduct simulated attacks and offer a small reward to those who don’t fall “victim” by clicking on malware-infected links. This is a good barometer of where you need to focus efforts, and it also gets them thinking in safe, lifelike scenarios.
- Designate Obtainable Enterprise Security Goals
Make the goals attainable, but do not punish employees for failure. A frightened worker may be less likely to report a breach or other security issues if they fear strong retribution. Instead, take the opportunity to offer additional training and use the situation as a learning opportunity for all.
Too often companies rely solely on fancy IT and forgo instilling a constant climate of awareness and prevention in all employees. It’s like locking the office doors, but leaving the windows open. You’ve secured the most obvious point of ingress, but neglected the other avenues of entry. But through staff training and promoting a cyber-aware culture you can greatly bolster your cyber resiliency. Your business depends on it.
1. 23 BYOD Statistics You Should Be Familiar With, Ingram Micro Advisor, 2018
2. Revealed: Human Error, Not Hackers, to Blame for Vast Majority of Data Breaches, Computer Business Review, 2018
3. 3 Reasons Biometrics Are Not Secure, ipswitch, 2018
4. How to Prevent Data Breaches Caused by Employees, Security Boulevard, 2018
5. The 5-Minute Companion for the Cyber-Conscious Employee, Zacks Investment Research, 2018
6. Biometrics; Authentication as a Systems Problem, Columbia CS @CU, 2010
7. Why Antivirus is not Enough? MalwareFox, 2018
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.