5 cybersecurity mistakes most companies make


Cybersecurity is everyone’s responsibility, not just that of information technology professionals. As with personal safety, people must pay attention to their surroundings and their actions.

There are a number of areas that companies and employees do not pay attention to with regard to cybersecurity. These are not in order of importance, as they are all critical.

Lack of staff training

When we raise our children, we make sure they know to look both ways before crossing the street, not to take candy from strangers, and never to get into a car with someone they don’t know. For all of us, this is common sense, as we received this same education ourselves.

With cybersecurity, the same principles apply. Don’t open attachments from unknown sources. Don’t go to websites that look suspicious. Do not tell anyone your password(s).

Companies should ensure that they have education for all employees regarding these and other cybersecurity basics. Training should occur in new employee orientation and it makes sense to have annual or semi-annual reviews.

Not limiting or recording access

Who has access to what data? Which IT administrator modified the directory structure? Who changed the permissions? Do all employees have access to human resources files? Does any unnecessary person have access to the financial records? Are there records showing who accessed what data?

Most of the answers to these questions will be “we don’t know”, and that is a problem that needs to be recognized and addressed. Businesses need to use built-in tools to record access and, when necessary, purchase third-party software for greater control and granularity. Access tracking can not only prevent a data breach; it also enables organizations to find out what happened when data loss occurs.

Not caring about corporate data

Most employees just focus on their day-to-day work; they don’t necessarily care about their company’s intellectual property. Large numbers of employees don’t even know what data is critical to the success of their business.

With a myopic focus on what is in front of us, it is extremely difficult to protect what really matters to an organization. Employees understand that financial and human resource records deserve protection – that’s not enough.

Staff must also be aware of the data that is critical to the business, so that they can secure it and take appropriate action when handling that information and when dealing with others who have a responsibility to protect that data.

Not understanding cyber threats

Identity fraud. Spoofing. Worm. Trojan horse. Pharming. Hijacking attack. These are all key terms in the cybersecurity world and, with few exceptions, most people don’t know what these expressions mean.

Along with basic education, it makes sense for organizations to ensure that staff know what these attacks are and how to protect against them. There are a number of terms and threats that people are familiar with; companies have a responsibility to help employees understand additional hazards. Common sense goes a long way, and by adding simple communication, companies can ensure that employees know what to look for and how to act when problems arise.

Spending money in the wrong areas or not spending it at all

Too often, companies focus on income-generating opportunities and return on investment when they spend money. Businesses must also take a defensive stance. This doesn’t just mean spending money on network equipment and peripheral devices to protect information assets; businesses must also understand the scope of the threats and spend in numerous areas.

Firewalls, extranets, and intrusion detection systems are fine; however, they only protect companies from specific types of attacks. Businesses must take a holistic view of cybersecurity and invest as needed. Cybersecurity is an investment and should be considered as such through the budgeting process.

Everyone must own cybersecurity. In today’s world, with major data breaches occurring seemingly weekly and affecting millions of people, it is imperative to pay attention and share the responsibility for data protection.

Through education, access logging, understanding corporate data, knowledge of threats, and the right investments in cybersecurity, businesses will find greater security. When companies have data protection, investors, employees and consumers receive peace of mind and clarity that they are as secure as possible.