For a long time, cyber security experts were considered the only guarantors of network integrity in companies. Building a security culture should be a company-wide initiative and not just the responsibility of a few employees.
In a mobile-centric world, where every employee has access to the corporate IT network, IT managers must place some of the responsibility for cybersecurity in the hands of those who are most vulnerable – their employees. Large-scale cyberattacks regularly make headlines, reminding us that all organizations, regardless of size, are affected, be it Facebook or small and medium-sized businesses.
In order to introduce a security culture into organizations, we need to change the way we think about security and how employees apply security policies. To help business and IT leaders do this successfully, here are four key pieces of advice for a new corporate security culture.
1. Cybersecurity must be everyone’s concern
One in three employees who work remotely admit they find it overwhelming to keep track of their tasks. Put simply, apathy, inattentiveness and bad IT user habits are the true enemies of a well-secured network. That’s why companies need to invest in changing the security behaviors, mindsets and habits of their employees.
Communication plays a central role in this. Awareness of cybersecurity issues should be established as soon as employees join the company. IT managers must proactively work with HR and/or training departments to communicate good security practices.
Many companies train their employees in security matters as a sideline. They reward those who behave particularly cautiously and thereby also try to encourage those who are more careless. It would make more sense to focus on regular updates to better measure progress toward individual and corporate security goals. When employees see that security is a priority, they find it easier to incorporate simple security standards into their day-to-day work.
2. Security training for employees, including when working from home
Working from home is now well established. This affects some of the workers’ skills and attitudes.
The majority of employees neglect cybersecurity – not because they are incompetent, but because they are too comfortable. When faced with security issues – such as remembering login data – they take the easy way and reuse insecure passwords or old login data. In order to reach these users and educate them accordingly, companies must show that they are addressing these users' frustrations and making their everyday lives easier. A password manager and a user manual are not enough for this. Organizations need to take the time to educate employees on how these tools streamline the enrollment process and show them the efficiencies. Making it clear to employees what an important role they play in the digital security of the company is the first important step.
Additionally, in every organization there are users who have relatively little knowledge of new technologies and who probably wouldn’t be working from home if it weren’t for the pandemic. These users often leave their devices unsecured and tend to just jot down passwords in a notebook. In order to motivate them to change, companies need to make them feel responsible. There are countless examples of large organizations that have suffered damage from their employees’ careless handling of their own data security. Such employees are best introduced to cybersecurity through easy-to-understand security tools and regular training.
In contrast to this are the experienced users who use various tools in their everyday work. Unfortunately, many employees pay more attention to efficiency than security. The good thing is: these employees do not need lengthy training courses on data security in the company. All companies need to do is provide them with the right programs, which give them a smooth user experience and do not hinder them from using the platforms and services they need. These employees must learn to see IT, policies, and the tools in place as shortcuts, not obstacles.
3. Hybrid workspaces require more flexibility
Since the beginning of the pandemic, the majority of employees worldwide have been working from home and this is unlikely to change anytime soon. The most troubling aspect of this phenomenon from an IT security perspective is the merging of personal and corporate devices. Many companies began implementing their bring-your-own-device (BYOD) policies prior to the pandemic, allowing employees to use their own devices in the office. Now companies find themselves in an even more complex situation with remote workers using unsecured devices and their home networks.
While a strict policy made sense when moving to BYOD, the new hybrid workspace requires a more flexible and collaborative approach. Therefore, companies should specify exactly which device, which browser, which operating system or which network can and should be used in the home office. This requires security tools that work on every device. A hybrid workspace requires more investment in identity and access management (IAM) tools, training in passwords and access management tools, and security protocols that simplify processes for employees without violating their privacy.
4. Provide appropriate tools that accommodate all levels of experience
But it’s not just the negligence or ignorance of employees that poses a threat to a company’s cyber security. The use of outdated software can also lead to data leaks. This is grossly negligent, and companies doing so are even violating the EU’s General Data Protection Regulation (GDPR), which states that the “state of the art” must be observed when processing and using personal data.
Likewise, the introduction of new software and tools must be well planned in order to prevent data breaches. IT departments should consider several specific factors when evaluating a security tool. Inevitably, to ensure the security of all employees, all levels of experience and technology knowledge present in the company must be taken into account. For example, tools with an intuitive and elegant user interface are perceived as easy to learn by the inexperienced and smooth to integrate by more experienced users. The tool should easily integrate with a variety of devices. If the technology offered works seamlessly on all devices and networks, it is more likely to be adopted than a tool that cannot be easily integrated.
Organizations that carefully gauge the balance between business interests and employee workloads are better able to cope with hybrid workspaces as they rethink cybersecurity. In this way, companies enable their employees to work where they are most productive, without having to fear that sensitive company data will be disclosed due to a lack of security standards in the home office.