Cybercrime is now a billion-dollar industry. Ransomware attacks such as WannaCry and Petya are growing steadily more common, while social engineering methods like phishing are being used with alarming frequency to break through even the most ironclad security. The types of attacks one might fall victim to are so extensive and varied that it can seem nearly impossible to truly protect oneself.
Consider, for example, that the United States energy grid was recently accessed by an unauthorized party. One of our most valuable pieces of infrastructure could potentially have been shut down with just a few keystrokes. And it all happened because of a few unsecured email accounts.
The message here is clear. No matter what industry you’re in and what type of data you work with, you need to take the necessary steps to improve your security posture. And one of the most important steps in that process is to foster a culture that promotes cybersecurity – one that makes your employees care about protecting both their own data and yours.
“Success is all about the culture,” explains David Novak, co-founder and former CEO of YUM Brands. “Great leaders know your core values and are true to them. What messages are you sending to your employees? Are you recognizing and rewarding your staff?”
Although Novak was talking about culture from the perspective of corporate strategy, his point applies just as well to cybersecurity. Because your workers are so often the weakest link in your organization, one of the most effective ways to make yourself more secure is to change that: to not just educate them, but make them care about that education.
- Understand your risk tolerance. What data and systems do you need to protect, and what level of security is necessary to protect those assets?
- Set reasonable expectations. Show tangible results from good cybersecurity – and the consequences of bad. Make sure your workers all know what’s expected of them, and make sure they’re aware of the risks facing your organization.
- Educate. Host regularly scheduled training sessions that school employees on the specific fundamentals necessary to keep data safe: safe browsing; good password, email, and security practices; proper social media behavior; and proper mobile security.
- Ensure there’s executive buy-in. It doesn’t matter if you mandate proper security practices for your regular workers if executives can’t be bothered to follow the rules.
Your employees are both your first line of defense against attack and your biggest weakness. That’s why fostering positive attitudes towards cybersecurity is one of the most important things you’ll ever do. Without a security-focused culture, it doesn’t matter what strategies you have in place – they’ll be undermined by the fact that nobody cares.