4 Ways to Build a Culture of Security in Your Organization
Why Workplace Security Depends on Employees
October is National Cybersecurity Awareness Month (NCSAM), and since its inception more than 17 years ago, it has been led by the U.S. Department of Homeland Security and the National Cybersecurity Alliance. This year’s theme encourages you and your organization to “Do Your Part. #BeCyberSmart.”, referring to implementing stronger security practices, raising community awareness, educating vulnerable audiences, or training employees.
Hackers, viruses, and malware can infiltrate Small to Midsized Businesses’ (SMBs) systems from many different entrances, and each employee — regardless of the industry or their position — is a gatekeeper. Security shouldn’t be an intimidating or abstract idea in your company — it should be rooted in every action and business process, reducing human error and failures, which lead to almost half of all data breaches. A culture of security needs to be persistent and ever-present.
4 Ways to Build a Culture of Security
National Cybersecurity Awareness Month is the perfect time to kick start your organization’s culture of security. Start putting these ideas into motion and you’ll immediately improve your company’s odds of keeping sensitive information away from prying eyes. To build a culture of security in your workplace, here are a few big things you can do to get started:
- Increase awareness – Many of your employees probably want to help keep the company secure, but they don’t know how or don’t know enough about the current cybersecurity landscape — teach them. The resources shared above are a good start.
- Create a security community – Gather people from different departments and job levels to lead the security charge among all employees. Have them meet at regular times to develop internal programs that bring everyone together and eliminate an “us vs. them” mentality.
- Incorporate security into everything – Your mission statement, employee handbook, company-wide speeches by the CEO — find ways to work your commitment to security into as many communications as possible to drive the point home that security is a major focus for your organization, and it is truly everyone’s responsibility.
- Make cybersecurity fun – Workplace security doesn’t have to be something that is seen as a burden to your entire staff; find ways to make it fun! Publicly recognize employees who go above and beyond when it comes to cybersecurity and offer prizes or rewards. Create games, hold workshops, and try to find ways to engage your employees and reinforce the best cybersecurity practices at the same time.
Consider the following guidelines based on this year’s NCSAM theme to encourage personal accountability and practice best security practices:
If You Connect It, Protect It
Owning a device that is interchangeably used for business is a serious responsibility. Take the appropriate steps to protect your company’s BYOD devices:
- Surf social media safely and avoid cross-linking your apps to your social media account.
- Remind employees to update privacy settings on their various apps and devices at home to avoid oversharing of personal and business information.
- Beware of mobile threats targeting your business and implement a mobile device policy.
- Encourage employees to report every discrepancy they come across during and outside of work hours.
Securing Devices at Home and Work
Securing company devices, especially while working remotely, is the first line of defense against cyberattacks.
- Update company logins and advocate the use of strong, unique passphrases.
- Ensure your business uses two-factor authentication (2FA) on important accounts.
- Proactively safeguard devices with innovative Mobile Threat Defense.
- Educate your employees on how to detect and avoid clicking on phishing links, such as a Business Email Compromise (BEC) scam.
Securing Internet-Connected Devices in Healthcare
Many healthcare organizations have outdated IT systems and lack focus and investment in cybersecurity tools, which puts consumer sensitive and medical information at risk. Whether you work in the healthcare industry or if you or your company has been targeted by a data breach, here are some resources to use personally and share with your colleagues.
- Overcoming the Path of Data Breach Disruption During COVID-19 (infographic)
- 2020 Data Breaches
- COVID-19 Top Digital Scams (infographic)
- COVID-19 Scams & the Remote Workforce (infographic)
- 6 COVID-19 Scams Targeting Your Identity (tip sheet)
- Password Strength Test
- Medical ID Theft Checklist
- 10 Tips for 2020 Data Breach Victims (infographic)
- Risky Breach Business: The Impact of Today’s Data Breaches on a Business & Its Employees (white paper)