Human error continues to confound the best efforts of security executives.
No matter how much money gets spent on firewalls, intrusion detection software and other cybersecurity tools, it’s all going to be for naught if employees ignore security protocols and click on dodgy email links.
In theory, this ought to be easy to fix. But there are no shortcuts.
An edict out of the IT department won’t get the job done.
Building a security culture takes time and effort. What’s more, cybersecurity awareness training ought to be a regular occurrence — once a quarter at a minimum — where it’s an ongoing conversation with employees.
One-and-done won’t suffice. People have short memories, so repetition is altogether appropriate when it comes to a topic that’s so strategic to the organization. This also needs to be part of a broader top-down effort starting with senior management.
Awareness training should be incorporated across all organizations, not just limited to governance, threat detection, and incident response plans. The campaign should involve more than serving up a dry set of rules, divorced from the broader business reality.
If done the right way, employees will come away with a keen understanding of how their cyber behavior can impact the overall business.
According to the Global Cyber Security Capacity Centre, this hinges on the organization’s ability to influence attitudes as well as intentions.
Unlike training, where employees are quizzed on their knowledge of instructions, the focus of awareness training should be on changing behavior. In terms of making this happen, organizations should make clear to everyone on staff that cybersecurity adherence isn’t optional any longer. It’s strategic.
The reality is that bad habits linger, so don’t assume that employees are going to automatically change their behavior after watching a video or two about cybersecurity. Building an awareness program must include a mix of tactics with the goal of fostering a security-conscious environment. It also doesn’t hurt to throw in a few incentives to make sure the message gets through.
With cybercriminals doubling down on their skills, it’s never been more important to get employees to understand the fundamental risks that cyberattacks pose to their organizations. Any progress organizations make on this front will pay major dividends.
Learn more about protecting your business in AT&T Cybersecurity Insights, Volume 6: "Mind the Gap: Cybersecurity’s Big Disconnect."
In this invaluable report, you'll read about the troubling disconnects that have emerged between today's cybersecurity threats and organizations' countermeasures, as well as what you can do to help strengthen your defenses and reduce risk.