Why employees at all levels of a business must care about cybersecurity
The expansion of cybersecurity awareness, from its initial, limited perception as a technology issue in the realm of IT to the current understanding of its importance across all areas of a company, is impressive. This increase in knowledge among many organizations has led to more effective systems to protect valuable assets and a better understanding of how threats develop and evolve.
While there's no doubting the rising level of cybersecurity awareness, it hasn't yet reached a point of total saturation. There are plenty of organizations where a lack of informed employees or incomplete recognition of the scope of the problem leads to vulnerabilities and holes in protective efforts.
A lack of comprehensive understanding in the boardroom
While the corporate suite isn't the only place strong knowledge of informational security is needed, it's one of the most important. Policy and priorities often flow from the head of an organization downward. Therefore, it's important for executives not only to be aware of the cybersecurity situation in a company but also to serve as leaders in that area.
CSO recently examined the security readiness of more than 500 companies and governmental organizations through an annual survey and found many businesses could do much more in terms of developing awareness at the highest levels of a business. One fact that jumped out from the report is the lack of information shared by internal security leaders with board members. Approximately 28 percent of those responding to the survey said there are no formalized or regular information-sharing sessions between security professionals and board members. An additional 26 percent of organizations only see their boards at annual meetings, which is rarely enough to keep leaders adequately informed. Add in the 42 percent of businesses that don't view cybersecurity as a companywide corporate governance issue and it's easy to see there's still plenty of room for improvement.
Getting employees focused and ready
Assessing the need for change and improvement in the boardroom may be relatively easy when compared to educating the staff of a business. Executives are usually small in number, have strong motivations to improve business security and can improve operations by increasing the flow of information. Employees require a different approach.
The National Cybersecurity Institute at Excelsior College said keeping employees involved and educated is crucial to effective policy and execution. It cited data from Verizon's "Data Breach Investigations Report" that found a number of security issues and problems faced by companies were solvable through better adherence to best practices, such as implementing software updates and patches in a timely manner.
While the news that a significant number of companies have issues with employees following security rules is disheartening, it's important to realize improvement can come from more education. This will likely require additional time and effort on the part of staff and leaders, but the payoff is certainly worth it. Additionally, many organizations can let their security experts organize and lead such efforts. This approach cuts down on the cost of bringing in outside consultants for training while efficiently customizing learning plans for the unique needs of a business.