2020 has been a year like no other, with organizations in Asia and around the world facing increasingly sophisticated cyber-attacks coupled with COVID-19 scams.
The latest threat report from VMware Carbon Black noted that 80% of Singapore organizations have suffered a data breach as a result of a cyber-attack in the past 12 months. More worryingly, 93% of all Singaporean respondents stated that they had seen an increase in overall cyber-attacks due to employees working from home with the onset of COVID-19 and lockdowns occurring in the country.
While IT professionals worldwide have some thorough and detailed frameworks and guidelines to use when it comes to developing a robust information security strategy, there is one often overlooked component — the human element. It only takes one employee to click on a link in a phishing email to endanger an organization.
Nurturing the human element
Creating a robust cybersecurity strategy includes having a strong cybersecurity culture embedded throughout the organization, engaging employees’ hearts and minds.
A recent security culture report from KnowBe4 noted that some industries such as banking, financial services, and insurance fared significantly better than others. But there was still much improvement needed to ensure that employees understand the importance of their own security hygiene when it comes to safeguarding the organization and its data.
If not defined, culture is formed by people, their attitudes, values, unconscious bias, and overall approach to the world. Unchecked, group thinking emerges, silos form, and if you are not careful, you may find yourself amid a toxic culture.
Cybersecurity culture is not just completing training or reporting phishing emails. It’s the unseen and sometimes unmeasurable situations that occur and the subsequent response.
Organizations should strive to attain a culture where employees are aware of their responsibility to keep things safe, the cyber threat landscape, and the tricks cybercriminals use. It’s also essential for staff to be mindful of the organization’s policies regarding keeping everything secure, understanding what is acceptable online behavior, spotting the red flags, and reporting any potential phishing emails.
Defining cybersecurity expectations
Below are some pertinent questions that you should consider when you’re looking to define your cybersecurity expectations:
1. What attitudes do you expect employees to have towards security?
2. What behaviors do you want to change or see?
3. Do staff have an understanding, knowledge, and sense of awareness?
4. How do you go about communicating with employees? Do they feel like part of the solution?
5. Have you considered and included staff in your policies, and do they know what to do?
6. When it comes to the unwritten rules of conduct at your organization, have you thought to include cybersecurity?
7. Lastly, and perhaps most notably, since without it you are doomed to fail: do employees understand why cybersecurity is everyone’s responsibility and that they have a critical role to play?
Once you have the answers to these questions, you are on your way to developing your cybersecurity culture and securing your organization.
Creating cybersecurity awareness among employees
To create a strong cybersecurity culture within your organization, it’s also imperative to ensure that your employees have a good understanding of cybersecurity. Below are some tips on how you can go about this:
Having a good cybersecurity culture is vital for your organization to keep its cybersecurity defenses up and avoid falling victim to a cyber-attack. After all, your employees will be your organization’s last line of defense more often than not.
Jacqueline Jayne, Cybersecurity Awareness Advocate, KnowBe4 APAC, authored this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of HR&DigitalTrends.