Avoid These Pitfalls to Strengthen Your Security Culture

There’s no denying it – every company, no matter the size, industry or geographic location, will experience a cyber attack. Not only are hackers getting more creative about how their attacks are engineered and carried out, but the motivation behind them has evolved beyond financial gain. From political persuasion to personal vendettas, the act of the breach itself has become somewhat inconsequential compared to the damage that can and does result once that data is in the wrong hands.

Because of these very real risks, companies are investing heavily in IT and data security – and they should be. IDC predicts that by 2020, more than $100 billion will be spent on security solutions. And while it’s true that technology is currently our best defense against cyber criminals, it’s by no means foolproof, and because of this, significant vulnerabilities remain. In fact, recent research from Accenture suggests that of the more than 100 targeted attacks the average company faces each year, one-third of those attempts will succeed.

In response, many companies are beginning to look beyond technology and internal processes/protocols to the employees themselves to close the security gap. While the idea of a sound security culture sounds promising, it can be extremely daunting to effectively implement and enforce. Part of the challenge involves achieving consistency across organizations and individual business lines. Another factor involves the wide swath of employees who must all practice and adhere to similar standards and best practices, despite significant differences in roles, skill sets and work styles.

As companies determine the security posture and culture that work best within their unique corporate environments, there’s one thing that most can agree on: the tone must be set by those at the highest levels of the organization, including the C-suite, board members, and directors. Not only must these individuals be involved with the creation of the actual information security policies/procedures, they must also follow these guidelines to a T, serving as an example for all others in the organization.

Security professionals who are tasked with not only protecting the organization against a litany of threats but also elevating the urgency of data-, cyber- and IT security issues to top executives have a long road ahead of them. In order to create a strong security culture from the ground up, or to revisit existing practices, it’s imperative to avoid the following pitfalls to ensure success.

You’re Overlooking the Basics

For security professionals working in the trenches, it’s easy to assume that others in your organization understand basic security practices like you do. While you may know your organization’s security policies and procedures like the back of your hand, the reality is that most of your fellow employees have long forgotten what’s allowed and what’s not. This is a significant issue in organizations where employees work remotely and/or travel frequently for business and must stay connected to the office via mobile devices. In reality, if employees are not compelled to follow the rules, they will make up their own — and no one is guiltier of this than the C-suite and board members.

With human error and lost/stolen mobile devices at the heart of a growing number of data breaches, it is essential to develop or evolve security policies to ensure alignment with the needs and behaviors of today’s modern workforce. Updated policies need to cover the basics, including appropriate use of Wi-Fi connections, best practices for shared workspaces, document access/sharing protocols, and procedures to follow should a phone, tablet or laptop get stolen or go missing.

25 Oct 2017 Nettie Feldman