Why Cybersecurity Awareness is Everyone’s Responsibility in an organisation.

• by Anthony Orjally
• Advent IM Blog

In today’s digital age, there are increasing reports of cyber threats and data breaches, making cybersecurity a critical concern for businesses of all sizes. A common misconception is that cybersecurity is of no concern to an organisation’s entire staff, but instead, just the IT department. The reality is that every individual within an organisation plays a crucial role in safeguarding these threats. Here’s why security needs to be a shared responsibility across all employees.

The Human Factor: The Weakest Link in Security

An organisation can have all of the latest and best software in place to prevent security threats… but that doesn’t eliminate the human error. Targeted employees are often caught out through social engineering or phishing emails, where a single click can compromise an entire organisation’s network system. According to ‘Breachsense’, 95% of cybersecurity breaches are caused due to human error.

Taking a look at phishing attacks, these are designed to target specific employees, with the aim of gaining access to sensitive information, such as login credentials.

However, by providing security awareness training to all employees, then phishing attacks are likely to fail with the organisation. Being aware of the potential for phishing attacks, employees will double check the spelling on emails (as the attacker may pretend to be someone who works within the targeted organisation and use a slightly altered email address), and forward the emails to a line manager, who will be able to block the attacker from sending emails again.

Protecting Sensitive Data

Within organisations there are different teams, however all of them share the same responsibility when it comes to protecting sensitive data. Whether someone is in the marketing team or in HR, they could be one of the causes of an organisational breach if they are not aware of the company security policies and procedures or complete regular training.

An example would be if an employee did not follow security protocols and setting an extremely weak password, that is needed to log into a sensitive website (such as a customer database). If an employee thought to set their password as ‘password123’, then there’s an extremely likely scenario where if this account was targeted by a cyber attacker, then they will succeed and have access to this organisation’s entire database, which holds all kinds of sensitive information, from names and job titles to phone numbers and addresses.

Having security protocols in place will prevent an employee from setting weak passwords to begin with. A strong password needs to be recommended, which consists of a variety of upper case and lower case letters, as well as both symbols and numbers.

Mitigating Insider Threats

Cybersecurity threats can appear not just from the outside, but internally too. Whether it’s intentional or not, insider threats can cause a significant amount of damage. The reason for a self-motivated insider threat to perform their illegal means, is either through personal ideology or financial gain.

To mitigate the risk of an insider threat, all employees must be made aware how the risk of their actions can have serious consequences. This awareness will help to foster an environment where suspicious behaviour is reported, which reduces the likelihood of an insider threat.

An example of suspicious behaviour would be consistent access abuse, excessive data downloads, and unauthorised access attempts.

Building a culture of security

Establishing a culture where security is a shared value is vital for cybersecurity measures to be effective. To encourage security minded behaviour, organisations can;

• Provide regular security training sessions that detail the risks associated with an employee’s role.
• Encourage strong password policies and the use of multi-factor authentication. The multi-factor authentication code would usually be sent to either an employee’s inbox or company work phone.

These examples provide a solid foundation for employees to be motivated enough to protect the organisation’s sensitive information.

To conclude, while IT departments play a key role in deploying effective security technologies, they can’t do it alone. Every employee, from top to entry level has a huge role to play in keeping an organisation safe from cyber threats. By fostering a cybersecurity environment across the organisation, the likelihood of risks will be significantly reduced, sensitive information can be protected, and there will be a compliance with regulations. Ultimately, cybersecurity is not solely an IT issue… it is everyone’s responsibility.