The right cybersecurity strategies and the ideal manpower complete only half the job. Enforcing a cybersecurity culture in the workplace completes the other half.
USD $600 billion: that's the amount of money lost to cybercrime each year. To put things into perspective, that is equivalent to Taiwan's GDP for 2018. The amount of money lost to the proliferation of cybercrime is staggering, and it is essential that workplaces defend themselves against the worst-case scenario.
Who Are The Victims?
It was reported that certified public accountants and law firms were the primary victims of attacks at 22.4%, followed by software services and healthcare services at 17.2% and 10.2% respectively in Q1 2019. Cybercriminals also developed a proclivity for banks and financial services, which fell to cybercrime in 2018 with more incidents than other industries.
Is your organization at risk? Probably not, if the nature of the business is not closely associated with any of the vulnerable sectors above. However, it's too early to feel relieved because, believe it or not, it takes an average of 206 days to identify a security breach, according to IBM.
Machinery + Manpower: When Double Protection Is Deficient
Organizations often attempt to fortify protection by employing the right cybersecurity specialists and installing high-end software and hardware. However, this may not be sufficient in an environment where cybercriminals are getting smarter and the trajectory of destruction is colossal.
Prevention is better than cure, and a cybersecurity culture gives employees greater agency to strengthen protection from within. Cybersecurity culture is more than asking employees to change passwords regularly; it is about inculcating a change in thinking and behaviour.
Realizing Cybersecurity Culture In A Workplace
Redefine basic cybersecurity policies.
A strong password is often long and complicated, no? As a result, employees often forget their passwords, and some resort to simple passwords. To create a strong and memorable password, we recommend this guide. Deciding who has access to the organization's sensitive data and intelligence is the first step to preventing a data breach.
In addition, cybersecurity specialists in the workplace should instate roles and restrict employees' access to data, systems, and software. This keeps access from becoming too readily available. Should unwanted incidents take place, an investigation can yield more results, as only certain suspects had access in the first place.
Continuous cybersecurity training
Research has shown that people forget 90% of what they learned within 24 hours. Therefore, cybersecurity training should be a periodic occurrence in an organization. Recurring training helps employees retain information better and put it into actual practice.
It would also be ideal if the training were tailor-made for the employees of each department. Each individual has a different duty in an organization, and one general cybersecurity training is unlikely to yield any positive effects on them; a specialized course is better.
Post-training monitoring
How effective was the organization's cybersecurity training strategy? Monitoring the training outcome will provide some good insight. One need not wait for a nasty cyberattack episode to gauge the preparedness of employees.
Instead, employers should organize games and competitions that examine both the theory and the actual practice of cybersecurity culture.
For non-cybersecurity specialists, engaging and fun activities are recommended over simulated tests. Such strategies can help participants recall and apply what they learned in relaxed scenarios.
Make Reporting Easier
Communication between employees, cybersecurity specialists, and the IT department is important. Employees should be encouraged to make a report if they suspect something is wrong. It is also important that they are willing to respond to feedback with a positive attitude.
On the other hand, cybersecurity specialists need to work with other employees as a team. It is unwise to criticize mistakes harshly, as it would create a chilling effect among employees for fear of punishment.
Why is cybersecurity culture essential?
Brand reputation. Research found that 62% of consumers are willing to walk away from a business after a data breach. Angry customers are bad news for business. Organizations not prepared for cyberattacks will face harsh consequences, such as a drop in share price, like Macy's.
Once such unfortunate incidents are made public, organizations must remedy them and attempt to win customers back. Just ask Zappos and their extended discount for purchases. Attempts to soften the blow may not even be sufficient; organizations like Equifax needed to review their data privacy policies to guarantee greater protection for customers.
Start with Prevention
It matters that organizations pay attention to their cybersecurity culture, and training is the best way to reinforce better practices. To avoid becoming a subject of scrutiny for consumers and the public at large, prevention is the key factor.




