3 Ways to Make Employees Your Best Cybercrime Fighters
The biggest data breaches are highly publicized, but what one often doesn’t see is the behind-the-scenes work that led to discovery and eventual remediation of the damage. A Ponemon Institute study found it actually takes an average of 191 days for organizations to identify a data breach. During that half-year, customer data is exposed, your brand is at risk, and exponential costs are incurred.
A cybersecurity threat is not limited to external factors. The same study revealed that compliance failures can add $11 to the cost of a breach for each compromised record. That means your own team is putting your business at risk.
A Culture of Prevention.
The best attack on cybercrime is prevention -- and yes, that includes policy compliance. So how can you get employees on board with cybersecurity measures?
Engagement is key. Cybersecurity bulletins and meetings mean nothing if employees are not active in preventing breaches and reporting security lapses. Train your staff in personal cybersafety first: how to shop safely online, what to know about Facebook’s privacy issues, and how to talk to their kids about cyberbullying. Leading with close-to-home topics will engage your employees in the subject and prove that you’re concerned about their personal well-being.
A cyber-savvy culture also requires communication. It’s a good thing when workers discuss suspicious emails and other warning signs of hacking attempts, and managers should ensure that those concerns make it to the security team. Encourage open queries in team meetings to keep the staff alert and supportive of cybercrime scrutiny. Focus on your own messaging, as well: Remind your employees that they are the strongest defense you have against cyberattacks.
Implementing a robust cybersecurity regime is a mountain of a task, which is all the more reason to make sure your employees are on board and compliant. There are key strategies you can implement to engage your team and reduce the chance of a crippling cyberattack against your company.
1.) Pick your point person.
If you want everyone in your organization to be on board with new cybersecurity measures and protocols, it’s best to appoint a leader to champion the cause. This person’s team will manage all aspects of security and data protection, from monitoring attack vectors to training other employees.
A cybersecurity team should be staffed with individuals who are actually qualified to advise on the legal and technical implications of data protection -- plus the specialists who can carry out their directives. Too often, cybersecurity is added to an already extensive list of duties for IT or administrative workers.
Getting a cybersecurity staff up to snuff requires investment. In a 2018 Deloitte survey of chief information security officers in state government, 61 percent reported competency gaps in their cybersecurity staff, and 94 percent of states cited high salary as the barrier to attracting and keeping cybersecurity talent. To alleviate the skills gap, Deloitte recommends partnering with universities, state and local agencies and contractors to bulk up cybersecurity teams.
2.) Let them know: It could happen to us.
To make sure your team participates in heading off cybercrime disasters, share the why. Make sure employees are fully aware of just how possible it is for an incident to occur at anyone’s business.
Share stories of some of the more egregious breaches -- and how company culture or poor decisions enabled them. You’re not intending to scare your employees. Caution them about the very real dangers, but assure them that their vigilance will make it possible to prevent or mitigate damage.
One way to do this without being too preachy is to host cyber war games -- mock sessions in which cybersecurity threats are simulated and audited without risk of real harm. When global payment companies, including JPMorgan Chase & Co. and Mastercard Inc., held a combined cyber war game in October, their cooperation helped lay the groundwork for a coordinated response and uncovered new approaches to defense.
3.) Keep up the broadcast.
You want to ensure employees are compliant with your cybersecurity plan, but you also want them to enjoy the advantages that come with remote work and bring-your-own-device (BYOD) policies. The best way to do that is to send out signals often to remind them of your best practices. Push notifications through text and email to let your team know of mobile maintenance updates and security measures.
These friendly reminders are an important way to encourage compliance on your team. Hoala Greevy, founder and CEO of HIPAA-compliant email provider Paubox, underscores the need for this regular (but unobtrusive) communication: “Sound policies are essential, but few people remember the employee handbooks they’re asked to read on their first day. Likewise, BYOD policies will be easily forgotten without routine reminders.” Issuing cybersecurity notifications on a regular basis will keep your company policies top of mind.
By taking these steps, you can create a lasting culture of vigilance and cybersecurity savvy. Given how damaging and costly a breach can be, a compliant culture will benefit your company for years to come.