By Anita Byer, Setnor Byer Insurance & Risk
October is Cybersecurity Awareness Month. This year’s theme, See Yourself in Cyber, is meant to communicate the fact that cybersecurity ultimately depends on people. Although cybersecurity can be an incredibly complex topic, in most cases, your organization’s best defense against a cyber-attack isn’t a firewall or anti-virus software, it’s people. The people within your organization must be committed to protecting your networks, devices and data from unlawful access or criminal use. The people must be committed to maintaining confidentiality, integrity and availability of your business’s information. This can only happen if you create a culture of cybersecurity within your organization.
Employees are commonly targeted during cyberattacks, so it’s crucial to make them part of the solution, so they will not contribute to the problem. This can be done by making employees an integral part of your cybersecurity culture. Fostering a culture of cybersecurity can strengthen protections against organizational cyberthreats. For those concerned about the bottom-line, it can also increase customer trust and loyalty. A true win-win.
Changing the workplace culture isn’t easy, but it’s not impossible. The following tips can help create a culture of cybersecurity within in your workplace.
- Involve senior leadership. Employees need to see cybersecurity values upheld by management if they’re going to buy into such a culture. Encourage senior executives to lead by example.
- Inspire ownership of cybersecurity. Clearly communicate what’s at stake to your employees and explain that your organization needs their help to minimize cyberthreats.
- Create engaging educational initiatives. Consider leveraging discussion forums, online activities, in-person training sessions and mock phishing exams as part of a holistic approach to cybersecurity education.
- Bring back the basics. When promoting good cyber hygiene, don’t forget basic principles such as strong password policies, multi-factor authentication requirements, network access restrictions and download limitations.
- Make it easy. Ensure employees know how to report suspicious emails and check the authenticity of work-related communications.
- Celebrate success. Make cybersecurity part of performance reviews and reward systems.
Implementing, maintaining and updating security policies and procedures is important, but it’s not always enough. Small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws. Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.