Rob Lunney is the country manager for Canada at Palo Alto Networks
In today’s digital-first world, protecting a company’s digital commodity – data – should always be top of mind. With the frequency and complexity of cyberattacks increasing, targeting both businesses and consumers, the use of cybersecurity tools to protect against threats have equally increased in importance.
However, a frequently overlooked issue remains in cybersecurity: even the best technology can be rendered relatively ineffective without good cyber hygiene. You can have the right tools in place, but human error may be the weakest link which could lead to a data breach. Creating a cybersecurity-conscious culture by empowering employees to adopt security best practices is an integral step in protecting company data.
Laying the foundation
Despite the growing importance that data plays in the operations of most businesses, from sales to finance to human resources, cybersecurity best practices aren’t always a top priority for the average employee. According to a recent Palo Alto Networks study, only 56 per cent of Canadians feel they’re doing all they can to prevent the loss of their information, which leaves a sizable gap for potential data loss.
At the core of the issue is the fact that many employees lack basic cybersecurity knowledge, and don’t understand their actions and behaviours can greatly affect an organization. In other cases, employees do not follow the policies and procedures established by the organization because they perceive them as being too complicated.
With an increased awareness, an organization’s employees have the potential to be the ‘x-factor’ in securing company data.
Empowering the work force
Establishing a culture that supports cybersecurity doesn’t happen overnight. There are a number of approaches that organizations can take to empower its work force.
First and foremost, there’s a need to prioritize education and training. Simply put, employees can become cybersecurity-savvy if they’re taught the fundamental problems and challenges. As such, it’s important to tie learning to current risks and security methods, thereby making the information much easier to grasp, while delivering it in short and consistent doses.
Improving cybersecurity culture needs to also be company-wide. Leaders outside of the traditional IT department should play an important role as cybersecurity evangelists, discussing the risks and best practices in the language their respective teams understand. Employees are more likely to buy in if the leaders are actively promoting good cyber hygiene. In today’s digital-first world, every person working in the company requires some understanding of cybersecurity and data protection.
Equally important is making it easy to report problems or identifying other threats. Employees have their own responsibilities and if the systems to report threats are overly complex and time-consuming, employees will be less inclined to do so. It can be as simple as adding a one-click link to a report a phishing e-mail or other suspicious activity.
In today’s world, having a culture that embraces security best practices can improve the well-being of a company – better security can lead to better business outcomes. When organizations get the equation right – through solid training and leadership – the results can be transformative.
This column is part of Globe Careers’ Leadership Lab series, where executives and experts share their views and advice about leadership and management. Follow us at @Globe_Careers. Find all Leadership Lab stories at tgam.ca/leadershiplab.
Stay ahead in your career. We have a weekly Careers newsletter to give you guidance and tips on career management, leadership, business education and more. Sign up today.