Let’s get the bad news out of the way: human error is the most common target of cyberterrorism. Ironically, 85% of all data breaches are unintentional, so at least we know most employees aren’t engaging in deliberate acts of cyberterrorism!
But that doesn’t help companies like Equifax, where one employee error exposed the records of 146 million Americans. Employers can spend thousands on hardware and software to protect companies from cyberterrorism. However, educating employees about the risks and helping them understand the importance of everyday awareness is the only way to effectively protect an organization from becoming a hacker’s next victim.
Here’s how you can create a strong culture of cybersecurity:
The threat is real
Security Intelligence lays out some of the latest stats on cybersecurity — or a lack of cybersecurity. Your company is “more likely to experience a data breach of at least 10,000 records than you are to catch the flu this winter.” Culling data from the Ponemon Institute, Security Intelligence lays out the facts as we know them today:
- The average cost of a data breach is $148 per record.
- On average, it takes a large business about 196 days to even determine that a data breach has occurred.
- In 2018, the average cost of a data breach could range from $2.1 million for fewer than 10,000 records stolen to as high as $5.7 million for incidents with 50,000 compromised records.
As we approach 2019, we need to focus on three crucial things about cyberattacks:
- The likelihood of a cyber breach is extremely high.
- The cost of cyberterrorism can damage a company’s long-term health.
- Our employees put us at risk of cyberattack.
How can organizations mitigate these risks, particularly with employees posing the biggest threat of making a critical mistake?
What is a culture of cybersecurity?
Identifying your organization’s risk is the first step toward developing a cybersecurity culture. Which data and systems need protecting, and what kind of security needs to occur?
Beyond deploying the right hardware and software to mitigate risk, cybersecurity needs to be actively embraced by everyone from the C-suite to the newest employee. Making everyone aware of the threats and normalizing culture around both digital and physical security is important. In addition, to ensure employee buy-in you need to make certain your employees understand the reasons behind security rules such as third-party verification or standards related to bring-your-own-device policies.
A culture of cybersecurity means that organizations have an ongoing perception of digital risk and work actively to mitigate it.
Best practices for creating a culture of cybersecurity at work
Getting back to basics on cybersecurity is an important goal. Phishing scams are growing more sophisticated, and your employees are still making poor password decisions that could harm your company.
In 2016, 3.3 billion credentials were stolen online, with poor password security playing a big part. Employees should not set passwords like “123456” or “password,” two of the passwords most commonly used by consumers, and ensuring those are no longer in use is a crucial first step.
Here are six ways to create a stronger cybersecurity culture:
- Educate everyone on the trending threats and get top-down buy-in.
- Establish procedures and protocols to enforce security.
- Have ongoing programs to engage employees in cybersecurity.
- Focus on the basics and build from there.
- Help remote workers stay secure.
- Make it everyone’s responsibility and use IT as an enabler, not the “big stick”.
Back up a strong security culture with end-to-end security measures that include third-party verification and encryption. Employing an IT managed service provider to supplement your team is also a good idea.
Finding the right security partner can be as simple as calling Synoptek. Synoptek’s Cybersecurity Training & Awareness Service gives organizations an ongoing set of tools they can use to create and sustain a real, effective security culture. Contact us today to mitigate your risk.
About the Author
Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.