A human-centric approach to improving cybersecurity is more important than ever. Encouraging responsible practices through the lens of human impact can inspire companies to step up their security strategy, shares Stephen Cavey, co-founder and chief evangelist of Ground Labs.
This year’s Cybersecurity Awareness Month focused on the role everyone – including executives, cybersecurity professionals, and consumers – plays in keeping data safe from harm. Now that 2023 is underway, it might be tempting to relegate the slogan #SeeYourselfInCyber, to the rearview mirror.
Yet, a human-centric approach to improving cybersecurity is more important than ever. Encouraging responsible practices through the lens of human impact can inspire companies to step up their security strategy by calling on their sense of empathy.
Motivate Employees by Highlighting the Human Impact of Security Best Practices
Given the media’s focus on the topic, most people are at least aware that a careless click or download could lead them to fall victim to a phishing scam and reveal their credentials to bad actors. But the typical reaction of “It won’t happen to me†is often insufficient to spark true vigilance.
It may be more motivating to re-examine the problem from a human angle; a security slip-up can hurt many people if thieves steal data and commit identity fraud. Through this framing, cybersecurity best practices (like staying on the lookout for phishing attempts, enabling multi-factor authentication, keeping software updated, and using strong passwords) are more than just good security hygiene. They’re acts of prosocial goodness.
Employees should also realize that they are protecting their data and customer data. As the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) empower employees to learn how their employers store and use their data, those employees will become increasingly motivated to keep that data safe.
As a result, the human angle of security impacts employees in two ways. They realize the need to protect data because it is the right thing to do and because they need to protect their personal safety.
See More: Five Reasons Why Data Privacy Compliance Must Take Center Stage in 2023
Advocate for Cybersecurity at the Executive Level Through the Lens of Human Impact
When conveying the urgency of security improvements to the C-suite, CISOs, chief compliance officers, and chief privacy officers should consider approaching privacy legislation through its human impact. It exists to protect people’s safety and the ability to control what they put out about themselves.
When users allow companies to store sensitive personal data, they do so with the understanding that the company cares enough to keep that data safe — as with any relationship, rebuilding trust after letting the other party down can be challenging.Â
Recent legislation designating some data categories as particularly sensitive reinforces the human element of trust that links companies and customers and companies with employees.
The impact of a potential breach becomes more dire if viewed through the lens of human influence. Customer and employee livelihoods could be put at risk, and the reputational damage of a breach could haunt an organization well after it has addressed economic concerns.
Protecting data (and the people behind it) requires promoting employee best practices, but that isn’t enough. Human error is just that and is inevitable. Therefore, companies need safeguards to protect data at every level. In the C-suite, this means knowing where all data is stored since companies can’t protect data they don’t know exists; if data is a stand-in for a person, then not knowing the location of all data is equivalent to leaving those people behind.
Even with the Rise of Automation, Cybersecurity Remains Human-Driven
Modern cybersecurity relies greatly on automation. Given the tremendous variety and frequency of possible threats, automation is necessary to protect data at scale. As major data breaches take place, more companies will embrace automation tools.
Yet the adoption of automation is a bit of a double-edged sword, as it may actually demotivate employees from engaging in security best practices. If automated security tools are self-sufficient and effectively omniscient, the reasoning might go, then why would humans need to make much of an effort to keep data safe?
This is an unfortunate misconception because even the most robust automated cybersecurity tools cannot succeed in a vacuum. These solutions are tools that support cybersecurity objectives, but their output may include errors or oversights, requiring human intervention to identify and correct. Even if a tool is expected to be fully accurate, humans need to ensure that the tool’s findings reach the appropriate parties who need to act on that information. And finally, humans need to plan for security improvements based on their tools’ findings.Â
It’s clear that automation and a human-driven angle on cybersecurity can and must exist in harmony. Conversations about automation should highlight the role that these tools can play while reinforcing the importance of the human touch. This will motivate employees to see themselves as partners in addressing security alongside automated tools.
This Is a Time When a Human-Focused Approach Matters
Attracting and keeping cybersecurity professionals is challenging due to the current talent shortage. Valuing cybersecurity for its human impact and acting proactively instead of reactively can help a firm stand out to current or prospective employees.
As ForresterOpens a new window noted, many consumers are more willing to trust companies, rather than governments, to lead the way in doing the right thing. Prominently embracing security best practices in advance of regulations forcing the issue can help companies build a good reputation. As new regulations enlighten consumers about their data and privacy rights, companies must be ready to address user concerns and questions thoroughly and compassionately.
Mounting Cybersecurity Threats Will Demand Greater Teamwork
Cybersecurity threats are overwhelming. In 2021 alone, there were 1,862 reported data breachesOpens a new window ; nearly a 70% increase from 2020 and the most severe year on record and yet, we must continue to question how many more went unreported. This mounting pressure to protect data and people demands that companies approach cybersecurity from a bottom-up, human-focused angle to mobilize support from executives, employees, and users.
The world we live in is interconnected. No one is entirely safe from cybersecurity threats — but this means everyone has a role to play, whether implementing best practices in their daily lives, educating customers and employees, or ensuring that they are protecting users’ sensitive data to the best of their ability. It’s critical to “see yourself (and everyone else) in cyber†throughout the entire year, not just for one month.
How are you making your data security and cybersecurity strategies more human-focused? Share with us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .