Whether you realize it or not, your employees are a critical part of your layered defense against phishing attacks, malware, ransomware, and more. So why aren’t they concerned?
In just about every news story you read today about another phishing attack, malware infection, ransomware attack, or data breach, there’s a part of the story that’s either covered or implied – a user was involved. The user – whether malicious, negligent, or unwitting – clicked on a link, opened an attachment, visited a webpage… something that allowed a cybercriminal access to execute their malicious actions.
And with attacks having devastating results, like the most recent ransomware attack on global shipper Cosco, which has brought operations to its knees, the question should be raised:
Why don’t employees care about cybersecurity?
It all comes down to one reason: your company doesn’t have a security culture. In essence, they don’t care because the organization hasn’t told them they need to care as part of their job. Hire someone to do accounts payable and what do they think their job is? To do accounts payable. That’s it; security is IT’s job, not theirs. But hire someone into accounts payable in an org that has a security culture, and they now do accounts payable, but are also constantly watching for cyberattacks, phishing scams, and the like.
So, what does it take to create a security culture?
I’m going to abbreviate the 10 tips to make your employees care about cybersecurity found over at TechRepublic down to just 3 high-level steps:
While there’s much more you can do to create a more formal security awareness program, the steps above provide the basics necessary to create a security culture.