We use cookies and similar technologies to recognize your repeat visits and preferences, to measure the effectiveness of campaigns, and improve our websites. For settings and more information about cookies, view our Cookie Policy. By clicking “I accept” on this banner or using our site, you consent to the use of cookies.

I Accept
Visit avast.com
English
Search Menu
Close
Sections
Business Security

Creating a culture of cybersecurity at work

Business IT Research, 15 January 2017

People, along with tools and processes, are key to effective cybersecurity. But without the appropriate training and education they can pose the biggest threat.

The digital threatscape is proliferating exponentially – phishing emails increased almost 800 percent quarter-to-quarter in Q1 2016, to 6.3 million, and ransomware soared 300 percent year-over-year on its way to a billion-dollar-a-year problem. So it's vital to remember that effective cybersecurity rests on three pillars: products and services, processes, and people. Simply throwing more money and resources at cybersecurity is not the answer. People are the key, and everybody has a role to play in effective cybersecurity. 

A holistic approach that protects people, things, processes, and all the data they create from intentional and unintentional harm is required, and all of this can be combined and enhanced by creating a culture of cybersecurity at work. It can mean the difference between business survival or failure, especially in the digital era: Cybersecurity is the foundation of digital business and innovation.

The general public has become acutely aware of cyber threats during this election cycle, so let's use this as motivation to secure our own devices, networks, and data. Testifying before Congress in October, FBI Director James Comey said, " ... the pervasiveness of the cyber threat is such that the FBI and other intelligence, military, homeland security, and law enforcement agencies across the government view cyber security and cyber attacks as a top priority.”

However, as scary as the external threatscape is, the internal challenges are equally problematic. Not only are ‘normal, everyday users,' i.e. your staff, partners, and customers,  ‘the weakest links in the digital security chain,’ but 95 percent of all security breaches were caused by human error.

So creating a culture of cybersecurity at work is imperative, and while neither simple nor easy, it is a readily achieveable objective with the appropriate processes and practices. Effective cybersecurity requires the involvement of everybody, all the time, to:

  • Identify and protect your organization’s digital ‘crown jewels’
  • Be able to detect incidents and have a plan for responding
  • Quickly recover normal operations

In the workplace that starts with employee education, training and awareness of the internal and external risks and the processes and practices that will will reduce and remediate these threats. A good place to begin is with 3 things every employee needs to know about online security.

Because cybersecurity is not a one-time, one-size-fits-all, all-in-one solution, the workplace requires a flexible and dynamic approach that changes as the threatscape, tools and techniques change. Your cybersecurity culture should include:

  • Comprehensive cybersecurity architecture that is part of business processes, not an add-on
  • Ongoing education, training, and reviews that involve everybody
  • Focus on individual responsibility and awareness that everyone has a vital and ongoing role in cybersecurity

5 tips for creating a culture of cybersecurity at work

  1. Find the motivation: Knowing about security is vital. Nowadays, people are commonly exposed to password challenges, phishing, data theft among various others threats. By addressing security concerns and risks, employees can better protect themselves against such risks at work and at home.
  2. Create competition: By creating a healthy competition within the organization, employees will be more engaged and take security measures seriously. Not only will the employees be motivated to adapt security measures, they will promote it to others and compete to have the best security to safeguard their online presence.
  3. Form security awareness allies: Ensuring security measures are taken seriously is not the sole responsibility of the security team. Other departments must be involved so that everyone is practicing the same measures and leaving no space for a breach.
  4. Empowering employees to take initiatives: By empowering employees within the organization and recognizing their initiatives, motivation levels will increase, which will likely lead to efficiency. Many employees prefer empowerment over monetary benefits.
  5. Keep it simple and aligned to the business: The objectives of your business must be clearly defined and processes must be aligned to achieve business objectives. Every employee must be made aware about their priorities and security is no different as the value of security must be instilled in processes to protect the overall organization.

Related articles

Business Security

How ready are you for GDPR? Try our Spot the Mistakes game to find out. | Avast Business

See if you are GDPR-ready and can spot some simple mistakes in this fictional example.

25 May 2018 min read
Business Security

Are your SMB clients GDPR-ready? | Avast Business

GDPR compliance brings challenge and opportunity for the IT channel

24 May 2018 min read
Business Security

GDPR is coming - here's why you don't need to panic | Avast

Here are answers to 10 key questions on GDPR.

23 May 2018 min read

Follow us

1988 - 2018 Copyright © Avast Software s.r.o. | Sitemap Privacy policy