Cybersecurity might seem like a technical term that’s above your paygrade. In fact, you couldn’t be more wrong. Keeping an organization’s information secure is a major responsibility of every employee. And there’s a lot at stake. As this article notes, security breaches hit hard. They not only run up major financial costs, they can also destroy a company’s credibility. That means cybersecurity is not to be taken lightly. In this blog, I’ll talk about how this issue has developed and what we can do about it.
COVID, Some Context, and Cybersecurity
This recent article provides an extremely thorough overview of the current state of cybersecurity. I also found this infographic helpful to understand the current context. Basically, cybercrimes have increased 300% since the onset of the COVID-19 pandemic. Attacks are becoming both more frequent and more targeted. Employees have gotten used to working from home, often on home WiFi and personal devices, and that creates vulnerabilities. Unfortunately, the costs of cyberattacks have been massive. In 2021 alone, ransomware attacks created a combined cost of $20 billion dollars. That’s huge!
Certain kinds of attacks are especially prevalent in the current landscape. Ransomware, the kind I mentioned above, is explained on this page by the Cybersecurity and Infrastructure Security Agency. Basically, this kind of malware, or malicious software, encrypts files and makes it impossible for systems to run. Attackers often demand a ransom to decrypt the files. Unfortunately, paying the ransom is no guarantee of safety. Moreover, many businesses don’t have the financial resources to recover from an attack like that.
It’s interesting to note, though, that 95% of security breaches involve human error. Though external threats are rising, it’s usually employees who make the difference between security and a breach.
Challenges to Security
This article from Forbes outlines some of the sources of threat that often come to mind. For example, social engineering attacks basically trick employees. In this kind of attack, an email might claim to be from a colleague, requesting urgent access to data. Mobile security threats have also increased. Especially as remote work has exploded, unsecured Internet networks become vulnerabilities. In addition, there are threats specific to the amount of data stored in the cloud. Nevertheless, external threats can’t compete with internal threats. And that doesn’t mean employees are bad people.
This HBR article delves into the reasons why employees so often compromise cybersecurity. The article relies heavily on this research. The research found that employees are not usually compromising security because they have ill will. Instead, the culprit is stress. (I’ve written about the challenges of stress in the workplace here.) Although companies often talk about insider threats, the dialogue needs to change. There aren’t just a few bad apples who compromise data. Anyone might be driven to ignore cybersecurity policies under the right (or wrong) conditions.
The research found that the majority of employees admitted to ignoring security protocols some of the time. Their reason? In 85% of cases, it was to be more productive. This points to an underlying issue. Employees feel that security protocols are at odds with productivity. That’s something leaders need to change, and quickly.
How Leaders Can Step Up Security
This article for leaders provides some great tips to navigate this tricky terrain. First, be empathetic. Ask your employees whether security protocols are easy for them to follow or not. As this article suggests, you should be doing user testing while creating these protocols. (To learn more about this kind of research, check out this blog post.) Security protocols need to integrate with existing workflows. They shouldn’t make employees’ work more complicated or harder to do.
When employees let you know that they’re struggling to follow a security protocol, thank them. You’re lucky they’re letting you know before you experience a major breach in security! Whenever possible, try to find a realistic resolution to the issue. If what you ask of employees is unattainable, you’re putting your organization at risk.
Finally, providing education is crucial. Make sure employees understand what data is vulnerable and know how to protect it. Invest in education employees before you experience an attack. Trust me, it’s less costly than recovering from a cyberattack.
Cybersecurity Strategies For You
Of course, you don’t have to have authority in the workplace to make a difference. Every employee can take steps to promote cybersecurity. This Forbes article outlines a ton of best practices. Of course, there’s the obvious: watch out for red flags. You probably already know about these ones. Don’t open emails from unknown senders, respond to emails with poor grammar or spelling, or provide sensitive data over email. Also, don’t click suspicious links. Definitely don’t download unknown attachments.
There’s more you can do to keep your work accounts secure, especially while working from home. Don’t create or access accounts over free WiFi networks. Also, make sure your home network is secured with a strong password. Lock personal devices with passwords too. And don’t save passwords on your phone!
Pyrus’s Commitment to Cybersecurity
I think there’s one more obvious tip that I didn’t see in any of the research I did for this article. Don’t just take measures to advance cybersecurity at your company. Let your users know about it! That’s what Pyrus does in this statement on security. The company provides information about its efforts to ensure data privacy, encryption, network security, and other key measures.
Pyrus isn’t arrogant, though. Knowing how common and costly mistakes can be, Pyrus has developed a Vulnerability Disclosure Policy. In this way, the company incentivizes users to report any suspected vulnerability. If you bring something important to the team’s attention, you might even get a monetary reward! So don’t just think about how you can protect cybersecurity for your employer. Be part of advancing security for companies you know and love, like Pyrus.