Given the modern threat landscape and onslaught of more evolved attacks, cyber resilience is a concern for every business, as collectively we recognize that the latest technologies alone won’t be able to fend off every dangerous risk or threat. To combat this, companies need to create a culture of cyber resilience that aids all employees in easily enacting modern cybersecurity best practices.
Because company culture is far-reaching and vital to every employee’s success, it’s usually championed by senior leaders with holistic views of the company and its operations. It is vital that company leaders are familiar with the threat landscape and related online challenges employees face day to day in order to promote behaviors that encourage a cyber-aware culture.
Think of cyber resilience as digital fitness. It’s a business’s ability to keep moving forward in the face of adverse cyber threats. Because cyberattacks and data loss can easily derail a business, it’s crucial to have the right tools, processes and backup policies in place in order to strengthen cyber resilience and easily bounce back in the event of a threat.
While it’s comforting to know dedicated cybersecurity vendors or internal teams of experts are safeguarding employees and businesses online, it has never been more crucial that every employee take ownership of their online behaviors, because some of the most common threats, like phishing, are at record highs given the ongoing pandemic, and the employee is often the target.
In fact, recent research detailing the online behaviors and click habits of professionals working remotely during the pandemic found that in Australia and New Zealand, one in five people reported receiving phishing emails specifically related to COVID-19. 76% of respondents also admitted to opening emails from unknown senders, an ongoing cybersecurity risk, with over half (59%) blaming it on the fact that phishing emails look more realistic than ever.
It takes time to adopt cyber resilient behavior into day-to-day routines but there are simple steps, like using unique passwords for all logins and never enabling macros from a document, that can keep end users safe from a range of common threats.
If employees are not educated about cyber threats, they can’t be expected to properly defend against them. Cybersecurity awareness training varies in length and curriculum, but elements can include phishing simulations, courses on security best practices and data protection, and compliance training for important regulations like GDPR, HIPAA, CCPA, etc.
The most effective cybersecurity education empowers users to be a proactive participant in an organization’s security practice. Training is important at onboarding, but regular ongoing simulations, engaging content, and gamification will create and sustain true culture. Integrate cyber awareness in the minds and beliefs of staff and reinforce it at all levels of the organization on an ongoing basis.
To reinforce a cyber resilient culture, businesses should report on successes (like number of attacks blocked), latest risks and threats, and tips to staff about cybersecurity trends and best practices through internal newsletters, emails, remote check-ins, along with sharing external methods of validation such as videos and podcasts. Business leaders should incorporate reminders and updates about cybersecurity into All Hands meetings and other important company updates to underscore the importance and purpose of investing in cyber resilience.
By incorporating the above practices and considerations into company culture, businesses can significantly reduce risk while protecting their reputation, staff, and customers. When staff feel they are an integral part of security, that they have a collective responsibility, and that they can identify the latest cyber threats, framed within their workplace culture, they help themselves and their organizations to avoid the potentially devastating effects of a cybersecurity breach.