Addressing the cyber security threat isn’t a once-off exercise. Instead, to be successful and help you mitigate the risk to your business, it needs to be ingrained across all aspects of the organisation: people, processes and technology. The key element here is your people. They’re the ones who make it work. They’re also the potential weakest link in the protection chain. As a result, building a strong cyber security-focused culture is vital.
Foster the right culture
In addition to having the right products and solutions in place to protect the various areas of your business, you need to create and foster the right culture to support your overall strategy.
Protection is multi-layered. The best strategy and the best solutions are meaningless if your biggest asset (your staff) isn’t paying attention, if John in reception or Amy in accounts don’t know how to spot a phishing email, or even know what phishing or malware is.
Staff engagement is key
Think about it this way: human error is the cause of most cyber attacks. According to IBM, it is the reason behind a massive 424% upsurge in cyber attacks between 2016 and 2017. It takes just one click on the wrong attachment or one opening of a questionable link, and hackers are let into your organisation.
So how do you address the human factor and embed a cyber security culture in your organisation?
Integrate cyber into your culture
Education. Train your staff on the cyber threat, what attackers are doing, how they’re duping people, and what best practices should be used every day, from changing passwords regularly, to questioning email instructions when it comes to transferring money, as is the case in business email compromise scams.
This needs to go beyond watching a video during onboarding for new staff. It needs to be an ongoing, concerted effort focusing on all staff, regardless of their tenure. And importantly, it needs to be driven from the top down and supported at all levels. This could mean appointing departmental or project sponsors, and could include classroom training, online exercises, or peer discussions on a consistent, regular basis.
Work with partners
Cyber security partners can also help here, with many offering things like phishing exercises, in which staff are sent emails that masquerade as messages from cyber criminals to see who is likely to respond.
These kinds of exercises can help identify training gaps. Education initiatives need to be meaningful to employees and can even be linked to improvement programmes and KPIs, making them more likely to be adopted.
Successful cyber security needs buy-in and engagement from staff. It’s an ongoing endeavour and needs to be led from the top down. It can be challenging, but it can be done. Training plays a key role in getting all your staff on the same page of your cyber security plan. After all, cyber security is everyone’s business.
Find out more in our Executive Report: Culture, engagement and cyber security — Insights for the C-level