People, along with tools and processes, are key to effective cybersecurity. But without the appropriate training and education they can pose the biggest threat.
The digital threatscape is proliferating exponentially – phishing emails increased almost 800 percent quarter-to-quarter in Q1 2016, to 6.3 million, and ransomware soared 300 percent year-over-year on its way to a billion-dollar-a-year problem. So it's vital to remember that effective cybersecurity rests on three pillars: products and services, processes, and people. Simply throwing more money and resources at cybersecurity is not the answer. People are the key, and everybody has a role to play in effective cybersecurity.
A holistic approach that protects people, things, processes, and all the data they create from intentional and unintentional harm is required, and all of this can be combined and enhanced by creating a culture of cybersecurity at work. It can mean the difference between business survival or failure, especially in the digital era: Cybersecurity is the foundation of digital business and innovation.
The general public has become acutely aware of cyber threats during this election cycle, so let's use this as motivation to secure our own devices, networks, and data. Testifying before Congress in October, FBI Director James Comey said, “... the pervasiveness of the cyber threat is such that the FBI and other intelligence, military, homeland security, and law enforcement agencies across the government view cyber security and cyber attacks as a top priority.”
However, as scary as the external threatscape is, the internal challenges are equally problematic. Not only are ‘normal, everyday users,’ i.e. your staff, partners, and customers, ‘the weakest links in the digital security chain,’ but 95 percent of all security breaches were caused by human error.
So creating a culture of cybersecurity at work is imperative, and while neither simple nor easy, it is a readily achievable objective with the appropriate processes and practices. Effective cybersecurity requires the involvement of everybody, all the time, to:
In the workplace that starts with employee education, training and awareness of the internal and external risks and the processes and practices that will reduce and remediate these threats. A good place to begin is with 3 things every employee needs to know about online security.
Because cybersecurity is not a one-time, one-size-fits-all, all-in-one solution, the workplace requires a flexible and dynamic approach that changes as the threatscape, tools and techniques change. Your cybersecurity culture should include: