Are you responsible for keeping your business safe? Then read on to learn how to make cyber security more manageable.
We know it can feel like a daunting and overwhelming task to create strong cybersecurity in your workplace. After all, the average company has a number of employees using different devices with varying amounts of technical expertise. One employee may use only one type of software application for work, while another uses 50. And they may work in an office or remotely, perhaps even in their own home.
There are some basic principles that can help you manage your company's digital defenses and encourage other employees to make smart, secure decisions on their own. Together, everyone in your company can make cybersecurity a slightly more manageable part of your day.
Stop and take stock
First, make sure you have a solid understanding of your business. Ask yourself some basic questions like:
- How many employees do we have?
- Is the business based on office work, remote work or a hybrid work setup?
- What industry do we operate in?
- What countries or regions do we do business in?
- What kind of data do we handle?
Once you've answered these questions, consider your company's culture and values. What are your colleagues like? What principles govern how you do business? For example, if your company is committed to being carbon neutral, that should influence how you approach cybersecurity. If you choose an approach that doesn't fit with your company's values, it will only be harder and more stressful to implement.
Figure out what needs to be protected. Every business has different amounts and types of data. And that information can be stored anywhere, including in the cloud. It may sound obvious, but completing this kind of "digital inventory" will make it easier to target your efforts and not feel like you're groping in the dark.
Focus on health and well-being
If you're a security expert, it's very easy to fixate on IT tools and work protocols. Getting those things in place will make a difference to every employee's mental health, but they're not the only factors. You should also focus on the basics of employee wellbeing, like making sure everyone has a realistic workload, the ability to take some time off and hours that promote a healthy work-life balance (that includes you, by the way).
These may not feel like important security policies, but they are. If everyone you work with is happy, well-rested and comfortable with the deadlines they're working towards every day, they'll be more likely to follow your company's security policies. You and your team will also make better, more confident decisions throughout the day and have a better chance of detecting security threats, such as phishing emails.
Create smart security policies
Every business needs a robust set of rules to protect its customers and business-related data. It can be tempting - and less stressful in the short term - to stop thinking about whether the rules are fit for purpose, or whether people on your team are actually following them.
But remember: you can't afford to do anything halfway. A well thought-out and updated security manual is essential to keeping your business safe. Such a handbook may take a while to write, but you'll probably feel more organised afterwards. If it's comprehensive and well-maintained, it will also reduce the number of questions you get from other employees, giving you more time to focus on other tasks.
But how do you write policies that don't make people angry or stress them out? It's all about balance. You can't compromise your company's security, but you can write rules and guidelines in a way that's easy for everyone to understand and comply with.
For example, let's say an employee needs to update your website. But before they can hit publish, they have to go through 72 security checkboxes. Some people will go through them diligently, but the vast majority will probably just tick each box, whether they've met the criteria or not. Ask yourself: Could the same security check be covered with fewer boxes?
Onboarding is important
Focus on helping new hires establish good habits. Onboarding is a crucial moment to explain your company's overall approach to cybersecurity. If you explain this information correctly, employees will understand what is expected of them and make an effort to stay safe. Over time, good habits will become a natural part of your employees' working day, reducing your company's overall risk and giving you peace of mind.
During your onboarding, you should explain:
- Your key policies and why they are needed
- Where to find the security manual, which should answer common questions and be updated regularly
- Where and how to ask for help
- How to report suspicious activity
- Why your company doesn't punish people for coming forward and sharing the mistakes they've made
Build a cyber security culture
Your company already has a deeply rooted culture that you should be aware of and build your processes around. But if you want to make your job a little more manageable, you should complement it with a cybersecurity culture. It's impossible to check and monitor your business for security threats all the time. Even the most comprehensive security checks will leave you with some blind spots. But if you have the right culture in place, everyone will have the knowledge and desire to make smart, secure decisions while they're at work.
To build this culture, you should:
- Start at the top. Make sure management understands the cybersecurity culture and sets the right example for the rest of the company. If they ignore your security policies or make poor decisions, there's a greater risk that everyone else will ignore or reject your efforts.
- Offer regular training sessions. Make sure you have awareness training that can be accessed at different times so that everyone, regardless of their working hours, can participate.
- If you have an IT department, make sure they are available. People should feel comfortable asking your IT department for help or suggesting ideas to make the business more secure.
- Offer tools that make it easy for everyone to do the right thing. The right tools will empower employees to practice good security habits. For example, a password manager allows all employees to protect their accounts with strong, unique passwords.
The right tools
Keeping track of sensitive business accounts and data is important. Otherwise, a cybercriminal could gain access to them, perhaps without anyone from the company noticing. But monitoring everything can feel like a difficult and stressful task.
The trick is to find tools that will work for you and your business. Ideally, they will be easy to implement and allow you to monitor and protect data effectively. Choose tools that align with your company's existing culture and infrastructure. First, it will make them easier to implement and use. Second, it will ensure they are better understood and accepted by the business. All of these factors will then help make your company's cybersecurity a little less stressful for everyone.
You should look for tools that let you do this work without being overly invasive. You don't want to build a culture of surveillance in your company, as it may stress employees and reduce their productivity.
Remember your offboarding
The final part of a cybersecurity overhaul is to focus on offboarding. To keep your business secure, it's important that you control what all employees have access to. This includes current employees, but also those who have recently handed in their notice. So think about your offboarding process. For example, you should have a checklist that you can go through to ensure that former employees can no longer access company accounts and data.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.