Cybersecurity is defined by your Corporate Culture

In 2018, CNBC reported on an industry study that suggested the biggest cybersecurity risk to US businesses is employee negligence.

Two years later, not much has changed, and security experts estimate that end-users account for more than 95% of successful attacks.

As big businesses shell out millions in ransomware payments and small businesses collapse, here’s the question – is the problem with your employees, or with your corporate culture?

If you don’t have a cybersecurity training program, if you’re not checking on and testing your employees, if you don’t remind your team of the dangers online, then what’s the message you’re sending, and what does your culture look like as it pertains to technology and security?

From basic security technology that every organization should employ (firewall, antivirus/anti-malware, spam filtering, website filtering, managed patch updates, backup, etc.) to advanced cybersecurity like breach detection/prevention, vulnerability scans, penetration testing, Security Information and Event Management (SIEM) systems, and more, there’s no shortage of tools for your budget.

But what good is any of it when an employee gives up their credentials, willingly provides information to a scammer, or straight up sends cash to a criminal with a legit-looking email address? There’s a problem in our business community, and while it has everything to do with our staff, the blame lies with leadership and messaging.

So, how well are you communicating the importance of cybersecurity and good online hygiene to your team? Here are three questions and a bonus round to put your IT corporate culture to the test: