JD Harris is CEO of Ascent Solutions, your partner in solving the toughest cybersecurity problems.
Now is the time for cybersecurity policies to be as ubiquitous and accepted as workplace safety policies. Cybersecurity today is where physical security was 40 years ago. There are very few regulations and standards, and those that exist often feel arbitrarily imposed. Cyber safety is not expected or regulated as part of corporate culture. This is a crucial moment not only in the cybersecurity landscape, but also in basic corporate behavior. It’s time for leaders to create cultural changes that support cybersecurity policies, making them as necessary as safety and compliance standards.
Years ago, factory work was incredibly dangerous and unregulated. There was no external governing body to oversee factory safety measures. There were no safety notices or signs distributed in the working environment. Only when workers fought for industry standards did organizations like OSHA begin to ensure a safer environment. Safety meetings, equipment maintenance and barriers have become the norm. Incidents are now openly reported. Manufacturers have signage that tells you the number of days or years since the last accident. However, prior to the 1970s, workplace safety expectations were rare and accidents were accordingly commonplace.
Imagine this. A new employee enters a manufacturing plant and their boss tells them to work it out themselves. So they start pushing buttons, moving levers, and hanging around circular saws like an unsupervised toddler. If someone cut off a digit, the employer would quietly send them to the hospital, and the employee would go back to work as if nothing had happened.
In this century, such an event would seem silly and would be unacceptable for any organization.
As of 2022, cyberattacks are costing the U.S. economy an average of $9.44 million, up from the previous year. Due to the sophisticated techniques of advanced hackers, no person or company is immune from cyber problems, even those without laptops. Today, businesses are even more vulnerable to cyberattacks for the same reasons that caused tragic workplace accidents. This has to change.
Fight for cultural change
A culture change is the first step if we expect our business to be protected from cyberattacks. Similar to the safety measures put in place across the industry to protect workers, digital safety and cybersecurity should also be an industry-wide focus. Our broader culture needs to understand that cybersecurity is just as important as wearing a helmet or neon vest on a construction site.
Business leaders are responsible for cultural change within their organizations to ensure short- and long-term prosperity. This requires emulating certain behaviors that better protect your organization (i.e., spending more time reading something before clicking on it, or trying to find a funky alternative to your usual information resources, such as looking up a URL or address). And just like dealing with other threats (such as physical building security and machine and system safety), it takes good faith to incorporate cybersecurity measures into the workplace environment.
Master the basics
Protecting your company doesn’t have to be complicated. There are basic routines that organizations must follow, such as multi-factor authentication, penetration testing, threat hunting, and wiping sensitive data from old devices. All organizations should master these. Perform maintenance: regular patching and updating of all software and firmware ensures that all devices are functioning at optimal levels while also providing critical fixes for newly discovered vulnerabilities.
Team members should understand that these are daily, ongoing practices. Skipping preliminary steps such as multi-factor authentication, penetration testing and threat hunting is like a surgeon who doesn’t wash his hands before surgery or a traffic patrol who starts work without the prescribed safety vest. Each person needs to understand that these cybersecurity measures are what allow their real work to begin.
Software alone cannot solve cybersecurity problems
Technical solutions such as anti-malware software are only effective when used in conjunction with employee education. Ongoing training is required for all stakeholders, including third parties with access to organizational information. Employees should also be trained to understand and report insider threats. This allows the company to respond quickly when these threats arise. Discuss your organization’s “treasures” that need special attention, provide case studies of previous breaches, and teach them how to recognize the warning signs of a security incident. Discussing potential issues at the organizational level is a healthy practice.
Cybersecurity is a never-ending journey
Cybersecurity is an ongoing journey to understand the level of risk and threats facing an organization and respond accordingly. Leaders and their teams need to understand that cybersecurity regulations are just as important as physical safety regulations. Understanding common threats, educating employees on what to look out for, and learning best practices for protecting a company’s digital assets are critical steps in limiting the frequency and severity of these attacks.
The Forbes Business Council is the premier growth and networking organization for business owners and leaders.