Skip to main content

Back to Blog

Cultivating a Cybersecure Culture at Work

Everyone is Responsible.

Businesses often say that their people are their greatest asset. When it comes to cybersecurity, this statement is truer than you might think. A constantly shifting threat landscape means cybersecurity best practices should be on everyone’s mind, not just your CTO or CISO. When employees of all areas, from new hires to the executive suite, are equipped to understand and anticipate cyberattacks, they become your best defense against them. But cultivating a cybersecure culture across your workplace means making sure that cybersecurity is everyone’s responsibility. Leaders need to set an example, and employees need the training to understand their role in keeping your data safe from hackers.

Your People Can Protect Your Business

It’s tempting to define cybersecurity as an issue only technology can solve, but human error is a major contributing factor in nearly all data breaches. A recent IBM report found that human error played a significant role in 95% of all data breaches. Errors like disclosing information in the wrong format or to the wrong individual or failing to use the bcc function in an email are all completely preventable. Employees need training and tools that help stop these mishaps from happening in the first place. They need to understand the significance of cybersecurity, how cybercriminal activity impacts the business, and the technology you’re implementing across the organization to prevent it. You can have the best security solutions money can buy, but if your employees don’t properly manage and utilize them, you remain vulnerable.

If people are the leading cause of security vulnerabilities, then people are also the best way to shore them up. When 60% of employees don’t even know the company has exclusive ownership of their own data and 55% of employees say they’ve intentionally shared unsecured data because they aren’t given the necessary tools to do it securely, the problem is a combination of culture, training, and tools. The best way to leverage your employees as an asset rather than allowing them to become a liability is by imbuing the right practices and procedures from the top down. Infusing your workplace with proper cyber hygiene practices will help fortify against human error, the root cause of so many breaches.

What It Comes to Cybersecurity It’s All Hands on Deck

In the guidebook Cybersecurity is Everyone’s Job, NIST outlines what each type of employee can do to incorporate cybersecurity measures into their day-to-day role. We’ve distilled their advice down to key actions each group can take to do their part in the battle against cyber threats.

Sales, Marketing, and Communications Teams

  • Publicly communicate how your company protects customer data against threats.
  • Keep your customers informed on ways they can practice good cyber hygiene with their own personal systems and data.
  • Protect shared files and CRM data with things like multi-factor authentication and strong password hygiene.
  • Be watchful on corporate social media platforms and apply strong privacy settings.
  • Have a defined process for responding to ethical hacker and customers with security concerns.
  • Have a communications plan in place for the inevitable cybersecurity incident.

Product, Facilities, and Operations Teams

  • Utilize encryption, password protection, and security best practices to protect intellectual property.
  • Destroy sensitive information in compliance with established data retention policies and procedures.
  • Only share necessary information with customers and other outside organizations, and be sure it’s passed along securely.
  • Make sure physical security controls are implemented and kept updated for facilities and other physical environments.
  • Check your supply chain for security risks and be sure that suppliers are taking proper precautions as well.

Finance and Administration Teams

  • Develop a budget plan for a solid and effective cybersecurity strategy across the organization.
  • Identify the impact cyber risks have on the business and integrate them into your risk management process.
  • Have a plan for emergency spending in the event of a ransomware attack or data breach.
  • Know the regulatory requirements associated with financial information, ensure compliance with laws, regulations, and standards that apply, and support the cybersecurity team’s efforts to secure the systems impacted by those requirements.

Human Resources

  • Build out an employee training and education initiative revolving around cybersecurity best practices and update it regularly to keep it fresh on everyone’s mind.
  • Safeguard employee information and protect access to your HRM platform.
  • Perform background checks on new hires and research third-party vendors before working with them.

A Cybersecure Culture Starts at the Top

It’s too easy to get caught up in the hustle and bustle of everyday work and forget about security altogether. A customer needs a file ASAP, an email looks urgent and gets answered before checking for common red flags of phishing scams, a flustered caller just needs a quick password and user change…all of which can lead you down the path of a full-scale data breach. To keep your employees on the defense, leaders must take the initiative to make cybersecurity a priority across the board.

Investing in training or technology is an excellent first step, but leadership needs to practice what it preaches when it comes to data security. Be an example to follow, enforce the rules, and encourage a culture of proactive cybersecurity. In this digital age of near-constant cyberattacks, it’s more important than ever to make cybersecurity everyone’s responsibility.