Cybersecurity is changing and it’s time for a new playbook. In the modern working environment, protecting data is a problem that requires every worker, from CEOs to interns, to follow clear policies and best practices. Chris Willis, Senior Project Manager at eLearning Brothers explores how HR teams can support IT in this area with smart training and consistent communication.
CybersecurityOpens a new window is always on the minds of IT departments and savvy administrators, but it can be difficult to get broad buy-in from individual employees. Busy workers may be reluctant to change old habits, unwilling to add another process, or just unaware of the risks of lax security to themselves and the company.
The truth is, all businesses are under attack, and most workers are not prepared to provide effective defense:
- As of 2019, 67% of people were using their own devices for work-related activities, even if it was against company policy. (Source: CBS News)
- Phishing email rates increased by 250% in 2019Opens a new window over the previous year. These scams are often used to obtain an individual username and password credentials that can leave a company vulnerable.
- In 2018, the business sector had almost twiceOpens a new window as many security breaches as the next most vulnerable industry, which was healthcare.
Cybersecurity threats are real, and the consequences of the attack are serious. To protect customer data, corporate data, and employees themselves, it is imperative that each worker follows a written cybersecurity policy. The best way to achieve widespread conformity with safe cybersecurity practices is to educate everyone on the prevalence and danger of data breach, coach them on new ways of thinking about how they share their data—even internally—and communicate laid-out policies they can follow without confusion.
Learn More: What Every Small to Mid-Size Business Needs to Know About Cyber Liability InsuranceOpens a new window
Cybersecurity Breach Affects Everyone in an Organization
News headlines can sometimes make it seem as though cyberattacks are solely the concern of upper management and the IT departmentOpens a new window . After the Equifax breach in 2017, the CEO, CIO, and Chief Security Officer were all forced out. When company leadership takes all the heat, it can be hard for individual contributors to see how cybersecurity is their concern.
What wasn’t as widely reported regarding the Equifax scandal was the $1.4 billionOpens a new window spent in clean-up and security costs, and then another $1.3 billion in legal settlement fees? It is hard to imagine a scenario where an unexpected expense of that magnitude does not adversely impact everyone in the company. When a major security breachOpens a new window happens, budget dollars are diverted from elsewhere—funds that may have been earmarked for bonuses, hiring more staff to spread the workload, upgraded equipment, or travel. Individuals should also remember that their data is entrusted to their company. Employment records, including personal identification and payroll information, is stored within the organization’s digital files.
Additionally, when customer data is hacked, an employer suffers an enormous loss of public trust—and potential customers and shareholders. All of this negatively impacts profit, which in turn impacts individual employment.
The bottom line? Security is everyone’s problem.
Learn More:Opens a new window noopener” title=”Opens a new window” target=”_blank” style=”text-decoration:none;”> Keep Your Smart Office Safe. How to Choose Secure IoT Devices?Opens a new window
The What, Why, Who, and How of Secure Sharing
Once workers understand how their actions can leave themselves, their customers, and the company vulnerable, they need a clear plan of action to help them modify their behavior. One way of clarifying company cybersecurityOpens a new window policy is to help employees think about the data they are sharing before they act. A classic what, why, who, and how the model is easy to remember and easily answers most information sharing questions that may come up.
What type of information is it?
Why am I sharing this information? Is there a compelling business reason?
Who is the receiver? Are they authorized to receive this information?
How is the best way to share this information securely?
Once those questions are answered, address the best practices for securely sharing different types of information. Those can range from using a VPN or encryption to sharing different types of information across separate communication channels.
Learn More:Opens a new window noopener” title=”Opens a new window” target=”_blank” style=”text-decoration:none;”> Navigating Security and Compliance Landscape in the Age of COVID-19Opens a new window
Setting Cybersecurity Policy Expectations Helps Employees Avoid Common Mistakes
Changing the way employees think about cybersecurity Opens a new window is the first step to a more secure organization. The best way to build on that progress is through clearly communicated, easy-to-follow policies. If everyone understands what they need to do, they are much more likely to do it.
It is not enough to have meetings regarding security or fine print attached to onboarding paperwork. A company’s cybersecurity plan of action needs to be written down, clearly communicated, enforced, and updated regularly.
When looking at business risk management, employee training is one of the most-often talked about strategies. Making security policiesOpens a new window part of onboarding training helps employees know what is expected of them from day one. Utilizing an eLearning platform, workers across all divisions and departments can access consistent training regardless of their location. HR teams can also present this information in person if the company model permits. To cut through the noise and be effective, workers need regular reminders about their role in cybersecurity, and what is in it for them to do their part in keeping everyone’s data secureOpens a new window . Although cybersecurity is a serious subject, do not be afraid to reach deep into the training box of tricks for microlearning, video, games, and interactions to capture attention and ensure workers retain key information.
While changing old workplace habits and developing new ones can be a long, sometimes difficult process, the threat Opens a new window of cyberattack certainly warrants the effort. As is the case with any policy, sustaining a secure environment for sensitive data is easier to do when teams are working together. Showing employees the real risks associated with lax cybersecurity, training them to be smart about sharing data, and then communicating straightforward policies to help them modify behaviors go a long way to improving overall company security. When it comes to data protection, clear expectations are the best way to keep that teamwork moving forward.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!