Many companies these days are scrambling to acquire bigger and more substantial cybersecurity defenses, but they largely overlook the huge part employees play in cyber defense and compromise. The great importance of having both employee training and education on cyber safety and defense, as well as firm policies in place to protect yourself as a business owner from inadvertent or deliberate employee cyber breach cannot be overstated. Really, cybersecurity requires a two-pronged approach: better cyber defense technology alongside employee training, education, and policies that reinforce rules and punishment for non-compliance with higher security standards. Because hackers aren’t actually the biggest cyber-threat in your workplace: your employees are. (And, some people are both, sadly.)
Effective cybersecurity is a team effort, and shouldn’t be relegated to “that IT guy” or simply outsourced and forgotten about. That team effort involves not only the IT support people you’ve brought in to handle the matter, but everyone in your organization. It’s not something that you check-mark a box for or subscribe to, then throw caution to the wind regarding. It’s an ongoing, all-inclusive thing that requires everyone under the company roof pay attention to on a daily basis.
For instance, ignoring the security warnings that pop-up on your computer – the ones verified as coming from companies like Norton, Comodo, Symantec, Kaspersky, etc. – is a very bad idea, and collectively add to the overall threat posed to your company. As a 2014 Forbes article entitled, How To Talk To Your Employees About Cybersecurity puts it: “Don’t underestimate the power of a teachable moment, and don’t let the moment get away.” This means, don’t gloss over or skip cybersecurity lessons simply because they are seen as unnecessary or superfluous in your corporate culture. Take a cue from the manufacturing and construction industries, says the article, and make cyber safety as routine for any business sector as any OSHA regulations and procedures are for hard-hat industries.
Cyber safety and security, then, is on par with any aspect of workplace safety and security, and should be held as so by staff members – to their detriment, should they not take it seriously. To further quote the Forbes article: “Make sure employees understand your company’s security parameters, and educate them in some of the most common messages they may receive from your own network or online. That way, they’ll understand how to respond appropriately.” One very usual occurrence is for a security window to pop-up, and inform you that that a particular web page or procedure doesn’t have the appropriate security certificate or parameters, and ask them if they wish to continue anyway. Most employees, thinking that security pop-ups are a bother and that they are far too busy to pay attention, will click OK just to get on with what they are doing. What they don’t realize is that they could be putting the entire company database and network at risk by doing so.
“Security in the digital world is similar to security in your personal life,” says Art Gilliland, General Manager of Enterprise Security Products at Hewlett-Packard. “Our lives are becoming more and more digital, and crime is just following that pathway.” People – company employees – still aren’t totally comprehending the fact that clicking NO or X-ing out those pop-ups prompting them to update security or perform necessary cybersecurity “sweeps” is akin to walking alone through an unlit parking lot late at night, or leaving their purse or wallet on the ground in those dark, non-secure areas. Worse yet is the fact that they are leaving the much-bigger company purse on the ground, not even their own. That sounds like a good poster to have pinned up in the workplace: “You wouldn’t leave your own purse or wallet lying around in dark, public areas, would you? Don’t leave the company purse laying around in dark, unsecured areas, then, and click on those security updates.” And, to reiterate, be sure to establish and reinforce policies and procedures that punish those who leave cybersecurity defenses wide open, and give kudos to those who keep them strong. Your employees can be your worst cyber threat but can also help enhance cybersecurity to a great degree as well, by following the training and policies you must enforce in order for them to be useful.
If you have questions regarding cybersecurity in the workplace, Computer Rescue is the leader in providing IT consulting in Calgary. Contact one of our expert IT staff at (403) 686-4567 or send us an email at firstname.lastname@example.org today, and we will help you with any of your cyber defense or security needs.