Keeping data, devices, and networks safe and secure requires an all-hands-on-deck mentality, from front-desk receptionists to back-office tech workers, from student interns to CEOs, and from all job roles in between, according to cyber security experts from the IT Security Community of CompTIA.
In conjunction with the 15th Annual National Cybersecurity Awareness Month, CompTIA asked some of its members who are leaders in the cyber security field for advice on why keeping the workplace cyber-safe is everyone’s responsibility.
“I’ve spent the majority of my career providing IT services to organizations of all shapes and sizes and it still shocks me that people think technology, the internet, the cloud is just there and secure and safe,” said Chris Johnson, cyber security compliance strategist at onShore Security. “We have to transition from ‘it’s everyone’s job’ to ‘it’s everyone’s part of life.’ Online safety at work, or anywhere for that matter, is only as good as the weakest link.”
Though two-thirds of companies have formal cyber security polices and procedures in place, two-thirds of firms said those steps have proven to be only moderately or slightly effective, or not effective at all, according to a CompTIA report on the state of cyber security.¹
The shortcomings in corporate cyber security aren’t due to a lack of resources. Worldwide spending on information security products and services will reach more than $114 billion in 2018, according to the latest forecast from Gartner, Inc.²
More than technology, cyber security assurance depends on human actions and knowledge. The best technologies in the world won’t work without appropriate human behavior. To be truly effective in preventing and combating threats, organizations need to spread security awareness and knowledge throughout the entire organization.
Even small businesses with limited resources have cost-effective options for heightening their cyber-readiness, according to Kevin Rubin, president and chief operating officer at Stratosphere Networks.
“Lower cost solutions that proactively oversee security and are geared to assist small businesses have become available,” Rubin said. “Companies that don’t want to spend anything on IT security can implement strict data handling policies and remind their team about the importance of proper email handling. Keep in mind that simple things like updating operating systems and leaving your local firewall on can be game changers.”
Another common-sense step is to ensure that employees who have a business computer or smart device only use that device for business activities.
“Tech for personal use should be kept separate; don’t intermingle these items,” Rubin advised. “And just because someone is working from home doesn’t mean they can’t follow corporate security practices or policies. Treat working from home like you do working in a corporate office.”
“We can no longer pass the buck, blame a vendor’s lack of security, or turn up our noses in disdain when a colleague clicks on a link to save a Nigerian prince,” Johnson concluded “What’s happened in the past may look nothing like what happens in the future. Which brings us back to, ‘It’s everyone’s job.’ “
¹ CompTIA, 2018 Trends in Cybersecurity: Building Effective Security Teams, September 2018.
² Gartner, Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019, August 15, 2018.
Good pointers on why awareness of cyber security should be there across all levels in any organization..