Cybersecurity is everyone’s responsibility: Don’t just be smart, be cyber smart
In our digital age, cybersecurity is everyone’s responsibility. Every device you use, app you download, bit of information you share, or message you open comes with a certain amount of risk.
Hardening the human firewall
Many of the most worrying cybersecurity vulnerabilities involve human negligence or ignorance. This is not a new problem, but the Covid-19 pandemic has emphasized the importance of individuals' secure cyber behaviors. As a result, industries have been forced to confront the security challenges of widespread remote working and a society that increasingly functions online. This means that cyber-secure behaviors need to become second nature to people across the workforce spectrum. What can your organization do to encourage this?
Security culture - Build and nurture
Building a security culture takes time and effort. What’s more, cybersecurity awareness training should be a regular occurrence — once a quarter at a minimum — where it’s an ongoing conversation with employees. One-and-done won’t suffice. People have short memories, so repetition is altogether appropriate for a topic that’s so strategic to the organization. This also needs to be part of a broader top-down effort starting with senior management. Awareness training should be incorporated across all organizations, not just limited to governance, threat detection, and incident response plans.
The campaign should involve more than serving up rules, separate from the broader business reality. It means instilling a security-first mindset to help protect a business and deliver better business outcomes. Security belongs to every employee in the company, from the C-suite down to the seasonal intern — every employee owns a sliver of the exposed attack surface, but security programs work best when everyone understands that security makes the business more robust and their jobs easier.
What can you do for the organization?
Exercise your cyber smart
I would greatly encourage the idea of a cyber gym, where teams of security professionals can work to grow their own cyber skills. Security experts are responsible for the cyber health of their organizations, and therefore must constantly grow and expand their expertise to face tomorrow’s newest cyber attack.
If everyone does their part — implementing more robust security practices, raising community awareness, educating vulnerable audiences, or training employees — our interconnected world will be safer and more resilient.
Develop a ‘security champions’ program
Enlist passionate people across all areas of the organization and not just the IT team to champion security, model best practices, support infosec events and campaigns, and continually raise awareness. Provide your champions with monthly or quarterly training, and keep them engaged by demonstrating how their efforts are making an impact.
Some tips to help you get started as an intelligent cyber citizen
- Owning your online presence
- Locking down your login
- Being savvy about wireless
- Backing up data
- Don’t take the phishing bait
- Clean machine
- Know your apps