Successfully warding off cyber attacks requires a coordinated effort across all levels of a business. But what does workplace culture have to do with it?
It’s estimated that cyber crime damages could amount to as much as $6 trillion by 2021. It’s totally feasible; our world is being increasingly digitised, and cyber criminals are only becoming more agile and cunning with time.
In response to this, many workplaces are hoping to inspire a ‘cyber security culture’ among employees, believing that protection from cyber attacks can only be achieved with a top-to-bottom, coordinated effort. Yet what is a cyber security culture, and how can employees expect to see it integrated over the coming years? More importantly, is it a help or harm to workers?
Group effort required
Essentially, cyber security culture in the workplace amounts to the promotion of safe cyber security practices that integrate seamlessly with people’s work. It means making employees aware of cyber threats so that they amend their behaviour accordingly and mitigate potential threats.
Phishing attacks, better password management and the basics of encryption are all things employees should be educated about if a company wants them to make better choices in this regard.
Yet, according to a recent report, a staggering 95% of organisations still report a gulf between the desired state of cyber security culture and the current state. For most, the immediate solution is to increase employee training and better communicate behavioural policies.
Is there any downside?
You could say that there’s no real downside to encouraging safety, cyber or otherwise. Everyone loses out if a company is impacted by a cyber attack.
Employee behaviour is important, of course, but it shouldn’t replace bringing in a cyber security/IT team to secure your network.
Is this broadening an employee’s skills and knowledge, or is it burdening them with another anxiety that is too heavy a weight for any individual to carry? While many cyber security professionals are quick to point the finger at lazy employee practices, does this gloss over the responsibility an employer has to secure their network well enough that a single human error won’t bring down the entire firm?