Cyber Security Needs To Be Embraced By Everyone
Cyber security isn’t just the responsibility of one person, or the IT department. It is something that everyone in an organisation should be responsible for, as anyone can act as the gateway for a criminal to enter the IT infrastructure.
Henry Ford, the industrial pioneer, said, “don’t find fault, find a remedy”. No better words could sum up the explosion of this new digital age and the importance of those higher up the industry ladder leading the way towards a positive cyber culture for their organisation.
It is vital that strategic plans are created and implemented at Board level and cascaded down through an organisation. These plans need to be continually reviewed and updated as required, due to the ever-changing nature of cyber attacks.
Last year it was revealed that businesses faced a cyber attack every 60 seconds. Identifying vulnerabilities and shoring up defences using both technology and staff training, coupled with robust policies and procedures, gives the perfect cyber security balance.
Data breaches as a result of cyber attacks are rarely out of the news headlines. Whether it’s a new or ongoing attack (such as Travelex) or a fine resulting from a data breach (British Airways, Dixons Carphone), the consequences are plain for people to see.
Yet still, cyber security isn’t deemed a big enough issue for some organisations.
Data Protection Day, which was held at the end of January, once again raised awareness of the issues. But like so many national days, it tends to go unnoticed as people get engrossed in their daily routine.
In November 2019, the World Economic Forum Annual Meeting on Cyber Security was held. Below are the 10 key messages for global leaders. However, I feel some, if not all, of these could be applied to any organisational leader and then filtered down.
- Cyber attacks are increasing in frequency and sophistication. It is hence the responsibility of public and corporate leaders to take ownership for ensuring global cyber security and digital trust
- Board and C-Suite members need to gain better understanding of the cyber risks to which their organisation is exposed and of their cyber readiness
- Both public and private organisations need to improve their cyber crisis management, develop holistic response and recovery plans, including a crisis communication strategy
- Leaders need to create a culture of cyber security from the entry level to the top leadership of an organisation
- Leaders may need to rethink organisational structures and governance to enable a more robust cyber security posture
- Innovation in cyber security and rapidly evolving technologies call for greater investment to stay ahead of cyber criminals who are adopting such technologies even faster and to their advantage
- Global co-operation across the public and the private sector is vital. Information-sharing, business co-operation with law enforcement agencies as well as skills and capacity development to be prioritised
- Maintaining an open and secure internet requires collaborative effort between the public and private sectors
- Trusted and verified cyber security ratings are required for the improved assessment of an organisation’s cyber resilience and comparability across peers
- The World Economic Forum provides a neutral, trusted and globally recognised platform to facilitate co-operation and deliver tangible impact on the systemic challenge of global cyber security
How do I embed a positive cyber culture in my workplace?
Embedding a positive cyber culture isn’t something that happens overnight. It takes time for people to get used to the culture, and as it slowly starts to spread, things will begin to get easier.
- Incorporate a no-blame culture. We’re all human. Nobody is perfect. There will be times in our busy day-to-day lives when we’ll respond to a dodgy email, click on a link or do something that will compromise an organisation’s IT infrastructure. Encourage employees to tell someone whose role it is to ensure the cyber defences are where they need to be. Once it has been reported, measures can be put in place to prevent a criminal from wreaking havoc.
- Utilise blanket policies. It’s very rare that two people in a business will work the same way, unless they’re advised to do so via a company policy. Ensuring everyone works in the same way, conducting their own due diligence, is a great way for employees to take responsibility for their area and encourage their peers to do the same.
- Spread positive cyber messages. Ensure everyone in your organisation is singing from the same hymn sheet with regard to cyber security. The CEO needs to have the same level of cyber responsibility as an apprentice. No one is bigger than cyber security.
Have you built a positive cyber culture in your workplace? How have you achieved it?