
Six Methods for Improving Employee Cybersecurity Compliance

Post written by: Expert Panel, Forbes Technology Council

Cybersecurity compliance is a significant concern for most enterprises, as many breaches happen because employees implement security protocols poorly. Employees can overlook a company's procedures because they don't see them as necessary. A number of employees also treat their work data the same way they treat their home data, which can lead to significant security breaches.

So how can a company make sure its employees understand the need for being secure when dealing with information coming from the internet, and then act accordingly? Below, members of Forbes Technology Council offer insights on what methods businesses can use to incorporate—and encourage—proper cybersecurity protocols in their corporate environments. Here’s what members recommend:

1. Educate About Risks And Solutions

One way to help reduce threat vectors is to educate employees on the types of security breaches that are active today and what measures the employee can take to mitigate them. The rise of subtle social engineering-based attacks, which include a broad range of malicious activities, leverages human interaction and psychological manipulation to trick employees into making security mistakes or giving away sensitive information. Employees must have a helpful mindset in both employee-to-employee and employee-to-customer interactions. However, the employees need to understand the delineation between being helpful versus being deceived during in-person and electronic interactions. - David Morris, FalconStor

2. Provide Scenarios And Examples

One of the best ways to help improve buy-in and compliance is to demonstrate "virtual" scenarios of cybercrime, hacking and other related activities to your employees. Doing so helps them understand how it is done, the damage that can take place, and the amount of effort to address and resolve the issue. Once aware, most—if not all—employees will become better engaged in prevention, and further communication. Without this total awareness, most employees will simply dismiss the topic and believe it won't happen to them. - Jani Tuomi, Microdrop


3. Hold Regular Check-Ins

One of the best ways to improve employee buy-in and compliance for cybersecurity procedures is to hold regular team check-ins with some example scenarios and walk through some case studies together as a team. Once people see the potential damage of cybersecurity threats and how it could impact their day-to-day work, they have a much higher likelihood of being proactive with cybersecurity. - Richard Ma, Quantstamp Inc.

4. Make It Seamless

The focus should be to abstract away the need for buy-in and have it built-in as part of the process. Everyone today in the industry is aware of how important security is, especially when handling customer data. Security needs to be seamless so engineers can focus on writing software. Once you can achieve that, you no longer need buy-in because it's already happening behind the scenes. - Anthony Caiafa, SS&C Technologies Inc.

5. Focus On Context And Ramifications

The context and the business ramifications of non-compliance of individual employees help them get a better perspective and understand the risk. In my experience, there are innumerable examples of non-compliance being the biggest reason for some of the deadliest cybersecurity breaches across industries. What I've seen work very effectively is a combination of mandated compliance by employees along with onboarding training programs with real scenarios from the past shared as examples. Intent and context are extremely important in making cybersecurity procedures successful within organizations. - Venkat Thummisi, FlexIR Labs


6. Build Relationships And Trust

I find the best way to improve employee buy-in for cybersecurity procedure is to build relationships and demonstrate domain mastery. Essentially, what you are trying to do is build trust. For a lot of people, technology is black magic and no amount of talk will change behaviors. However, if employees know you and trust you, it is much easier to get them to get on board with compliance. Ultimately, if you’re going to be asking people to do something that is going to make their lives more difficult, you need more than just policy. - Kevin Batchelor, Complete Merchant Solutions