When it comes to keeping data, devices and networks safe and secure, the responsibility is shared by everyone within an organization from top to bottom.
That’s according to cybersecurity executives with CompTIA‘s IT Security Community. As part of National Cybersecurity Awareness Month, CompTIA asked some of its members for advice on why a secure workplace is everyone’s responsibility.
“I’ve spent the majority of my career providing IT services to organizations of all shapes and sizes, and it still shocks me that people think technology, the internet, the cloud, is just there, and secure and safe,” said Chris Johnson, cybersecurity compliance strategist at onShore Security. “We have to transition from ‘it’s everyone’s job’ to ‘it’s everyone’s part of life.’ Online safety at work, or anywhere for that matter, is only as good as the weakest link.”
While two-thirds of companies have formal cybersecurity polices and procedures in place, two-thirds also said those steps have proven to be only moderately or slightly effective, or not effective at all, according to a CompTIA report on the state of cybersecurity.
The shortcomings in corporate cybersecurity aren’t due to a lack of resources, as global spending on information security products and services will exceed $114 billion this year, according to Gartner’s latest forecast.
More than technology, cybersecurity assurance depends on human actions and knowledge, as the best technologies in the world won’t work without appropriate human behavior, according to CompTIA. To be truly effective in preventing and combating threats, organizations need to spread security awareness and knowledge throughout the entire organization.
Even small businesses with limited resources have cost-effective options for heightening their cyber-readiness, said Kevin Rubin, Stratosphere Networks‘ president and chief operating officer.
“Lower-cost solutions that proactively oversee security and are geared to assist small businesses have become available,” he said. “Companies that don’t want to spend anything on IT security can implement strict data-handling policies and remind their team about the importance of proper email handling. Keep in mind that simple things like updating operating systems and leaving your local firewall on can be game changers.”
Another common-sense step is ensuring that employees who have a business computer or smart device only use that device for business activities.
“Tech for personal use should be kept separate; don’t intermingle these items,” Rubin said. “And just because someone is working from home doesn’t mean they can’t follow corporate security practices or policies. Treat working from home like you do working in a corporate office.”
“We can no longer pass the buck, blame a vendor’s lack of security, or turn up our noses in disdain when a colleague clicks on a link to save a Nigerian prince,” Johnson said. “What’s happened in the past may look nothing like what happens in the future — which brings us back to ‘it’s everyone’s job.'”