Even with the most robust security measures available, one uninformed employee can open the door to catastrophic data loss with the click of a mouse. In our current threat environment, you need more than strong software; you need smart practices and trained people. Creating a culture that values data security in all aspects of your business can be the best defensive action you can take.
From the National Cyber Security Alliance:
Think of your company as a community. Most observers say there are three primary factors that help ensure law and order in a community.
1. Risk Perception
Members of the community can only act to prevent or report crime if they know what it looks like and have a certain level of fear about it. This is why the police departments in some communities work so hard to establish trust in their communities, and it’s the origin of the byword, “See something, say something.” In a company, you can take advantage of risk perception with user awareness training. Teach all employees what cybercrime looks like and how it is likely to affect them.
2. Social Norms and Conformity
Most human beings behave well because of social norms — informal understandings about the proper way to behave. Most of us go through our everyday lives with a sense of these informal understandings. Yes, the laws are there, but the opinions of our neighbors are keeping us in line. Just like every community, every organization has a culture that includes social norms, often ones we aren’t even aware of. Finding ways to incorporate security into those norms will go a long way toward protecting your organization’s assets. Here’s how you incorporate security into your organization’s social norms. Make sure the leadership of the organization stresses the value of security and backs up these values by modeling appropriate behaviors. A CEO who talks about the importance of security and then writes his or her password on a sticky note on the computer monitor will harm more than help the culture of security.
3. Routine Monitoring
Studies show that companies with skilled incident response teams suffer fewer catastrophic data breaches and lower average cost when data breaches do occur. This is because incident response teams reduce the “dwell time” of criminals that manage to invade your network. But incident response teams themselves also contribute to the culture of security, because their presence reminds employees of the importance of security.