Cyber Security in the Workplace Is Everyone’s Business

NCSAM Week 2: Creating a Culture of Risk Reduction

Stephen Nardone

What’s the most critical element of your IT security plan? If you said “people,” you’re correct. In this day and age, robust IT security at the perimeter of your network isn’t enough to defend against threats. You still need those powerful hardware and software technologies, but you also need a workforce that understands cyber risk—and how to reduce it.

Giving your employees the tools, knowledge, and experience necessary to achieve that goal requires two essential components: ongoing education and a culture of cyber security that permeates your organization from top to bottom. The importance of education is obvious—people won’t take the right path if you never show it to them. The second half of the equation is a much tougher concept to grasp, and it’s the undoing of many an organization’s security plans. Why? Because your employees need to understand that cyber security is a shared responsibility, and convincing them that constant vigilance is in their best interests can be a challenge. No one wants to make work harder for themselves. In the past, protecting your network, data, and devices from cyber threats was IT’s job, not the end users’. Well, times have changed.

Creating a culture of cyber security is the best way to help your employees adjust to that new reality. While raising awareness around the “doom and gloom” of cyber threats is an integral part of any security strategy, it’s also important to focus on the benefits. After all, shared responsibility is a two-way street. If your users are excellent practitioners of security, shouldn’t they also get to enjoy its perks, like greater mobility, access, and productivity? That balance is the give and take between IT and end users, and it’s the hallmark of a cyber security culture that makes risk reduction a priority, while respecting the productivity needs of today’s workforce.

I hope you’ll spend some time with us this week, the second week of National Cyber Security Awareness Month, as we focus on creating that culture of risk reduction in your organization. We’ll showcase how you can protect against common cyber threats, strengthen your resilience, and align your security strategy with the National Institute of Standards and Technology Cybersecurity Framework.

Stephen Nardone, CISSP, is Director of Security Practice at Connection, with over 38 years of experience on both the government and commercial sides of the security business.