Companies continue to struggle with how they handle security in the digital age. No longer is it just about key cards and ensuring that only authorized people can get into an organization. Hackers can find their way in through personal cell phones, carefully constructed emails, or by leaving a stray USB flash drive on the ground of a lobby. There is more that can be done in businesses of all sizes to avoid the hassles of a breach, and considering breaches not only cost an organization money and time, not to mention fines if personally identifiable information (PII) data is lost, there needs to be more efforts made to foster a better culture of learning
The Dangers of Lax Security
Employees cannot afford to think of security awareness as a seminar they’re required to take once a year, but unfortunately this is likely how employees do view it. In fact, 66% of data professionals surveyed say that employees are their weakest link when it comes to establishing better practices. When company leaders only do the bare minimum to raise their staffs’ consciousness about how breaches work, it affects how the staff sees the issue. The information is likely to be seen as a hiccup in their day that ultimately goes in one ear and out the other. It’s a common pitfall for busy businesses to assume their security defaults are working, even though the more likely conclusion is that those defenses haven’t been tested by a hacker yet. A cybercriminal has a veritable bounty of undefended computers to infect, and only so much time in the day.
Tightening Up the Reins
A a general rule, cybersecurity has proven to work better coming from a top-down approach. This means that leaders need to practice better security before the managers will, and managers need to practice it before employees below them mimic their efforts. It’s all about setting the priorities of a company, and security needs to be given priority. When a company has a security awareness program that does more than just remind people once a year that hacks are a real threat, it has a solid start in creating the right culture. People’s behavior can be malleable, so long as it’s clear what is important. If a manager spends 99% of the time talking about quotas and 1% of the time talking about security, it sends a strong message to employees that they should be focusing their efforts on quotas. If that isn’t enough to convince, consider that increasing your cybersecurity might be a good start to creating a culture of learning, as customers grow increasingly weary about losing their information. Far from having to speak in technical jargon, a company can attract new clients by emphasizing how employees understand best practices of the day.
Security awareness training needs to be customized to an organization, but the key is that education needs to happen far more than once a year. Global Learning Systems has an all-year program that offers a variety of mediums to reinforce learning and builds a Culture of Learning. From quick-fix tools such as short videos, newsletters, and posters to complete courses that detail better practices, it uses different methods to keep people’s attention on how they can protect themselves and the company better. Every employee already knows the basics of being careful when he or she connects to an unsecured network or when choosing a password, but this goes above and beyond. It ensures that the most important concepts are being given the respect they deserve, which ultimately decreases your risks immeasurably. Our program adapts and changes with the times to stay relevant today, and this complete solution is available for companies of all sizes.
What Can You Do?
Get actionable advice on building a security culture in your organization in a recently recorded webinar “Developing Security-Minded Employees for Defense Beyond Organizational Boundaries.”