Cybersecurity Is a Team Sport
Find out how your organization can motivate employees to play their role in the team.
As humans, we like to maintain the “it won’t happen to us” mentality. Maybe it makes it easier to sleep at night, but you know what would really keep you awake? A ransomware attack. Think about it: everyone goes through the motions of cybersecurity training. You are sent multiple phishing emails per quarter, and often it seems obvious that the sender is fake. Sometimes, you or a coworker may accidentally click the phishing email and be relieved that it was only a test.
What would it mean for that phishing link to have real consequences? Many forget that cybersecurity is job security. Various organizations, especially small to mid-sized ones, are unable to rebound from costly ransomware attacks. It takes only one point of entry for data to be compromised by the cyber-attacker, which can lead to irreversible damage.
We care about educating end users because these attacks are real and occurring daily. Individuals need to understand the WHY behind cybersecurity efforts to take an interest in participating. They need to recognize their role in winning as a team.
There are a few recommendations to begin playing your part in your team. The first is multi-factor authentication, which adds an extra layer of protection on top of passwords. Remember the time when you left your phone in the other room and two-factor authentication made you leave your desk to reiterate “yes, this is me”? I think we all agree that MFA-controlled access can be an inconvenience. Still, 80% of security breaches involve compromised passwords (1). With a statistic that high, the risk of compromised passwords outweighs the inconvenience. Our advice is to use an application like Duo Mobile to ensure higher security.
So, if I downloaded Duo Mobile, I should be prepared for any cyber-attack that comes my way. Wrong answer. Unfortunately, successful cybersecurity requires more than an app or expensive add-ons to your network. Money cannot buy you cybersecurity. It is a combination of engaging your coworkers, employees, managers, and CEOs in the necessary conversations and training. The myth of an “all-in-one” cybersecurity product must be dismantled.
To avoid relying on costly add-ons, you need to become part of the “Human Firewall” (2). KnowBe4 explains this term well: it is the execution of training modules, awareness, and investment in cybersecurity that builds a wall of defense against cyber-attacks. Humans are your first and last line of defense: they have the power to let attackers in and the power to prevent them from causing significant damage to your organization. Invest in their abilities.
After all of this is said and done, if you and your employees still do not appreciate the “why,” it may all be for nothing. How will you and your organization sustain cybersecurity programming, especially after implementing the recommendations above? By the “why,” we mean the reason we should raise awareness, educate, and involve the entire organization in preventing cyber-attacks. Individuals need to feel involved in the cybersecurity process in order to stay engaged. They must value their role in winning as a team.
Setting the tone around what cybersecurity means for your organization is necessary moving forward. Here are steps to take to develop the tone:
- Incorporate cybersecurity into every company meeting
- Leverage a cybersecurity awareness education tool like KnowBe4
- Have your IT team share the most recent cyber event encountered by the organization
- Review your incident response plan on a periodic basis with the team
- Promote a culture of “see something, say something”
These are critical steps to take to develop ownership around cybersecurity. If you’d like to discuss these more in depth, feel free to reach out to us. We’d be happy to chat.