Your company’s cybersecurity culture can reflect your risk for a breach. If your staff doesn’t take cybersecurity seriously or fails to understand the risks of common bad habits, they will likely create vulnerabilities in your network. Learn what mindsets and bad habits lead to a toxic cybersecurity culture and ways to shift your company’s thinking into a security-conscious team.
Barriers to Access = Hassle
There are a lot of cybersecurity tools and strategies on the market, but most involve adding additional barriers between your users and your network. For instance, Multi-Factor Authentication adds a level of security to your login process by requiring a time-sensitive code in addition to your password. It takes a little time to pull up the code via app or text, but this added step prevents a hacker with your login credentials from immediately entering your network.
These barriers are critical in the event of a breach attempt. They can also annoy some users. If your employees view cybersecurity as a “hassle” or annoyance, they are less likely to follow your company’s security protocols. Just one mistake by one employee can devastate your business. It’s important to foster a company culture that takes cybersecurity seriously.
BYOD is the Norm
With the boom in remote and flex work, more and more companies are leaning on employees’ personal devices or loosening their BYOD (Bring Your Own Device) policies. From a cybersecurity standpoint, this is a very bad shift. Company devices can have agents installed for remote access, VPN tunnels, anti-malware, and content filtering. But many people aren’t comfortable adding all of these to a personal device. You also don’t know what employees are using these devices for in their personal time and whether sensitive company data on the device could be intentionally or inadvertently disclosed. For example, if an employee goes to a suspicious website on their personal computer after-hours and accidentally downloads a virus, now whatever data or access the employee has to your company from that computer is in the hands of the hacker.
My Way or the Highway
Everyone has preferences when it comes to how they get their work done. Allowing your staff to use the software and tools they’re most comfortable with can increase employee satisfaction and productivity. But when it comes to cybersecurity, it’s important to establish company-wide policies and procedures that every employee sticks to; being “flexible” with tools like MFA or VPNs leaves vulnerabilities in your network.
Sticky Note Nightmare
It can be hard to keep track of passwords, especially if you use a lot of different software applications. It’s all too common for people to track passwords using sticky notes or reuse the same password. This means anyone can walk into your office and see a password that gives them access to most, if not all, of that employee’s accounts. The best practice for passcodes is to use a long but easily-remembered phrase, with special symbols, and to use a different passcode for every login you use. Obviously, it can still be hard to remember them all; that’s when a password manager like LastPass comes in handy. These managers are protected by a master passcode and MFA, making them much more secure than a physical sticky note.
Trust, Don’t Verify
The most secure network follows a “Zero Trust” model, which authenticates, authorizes, and monitors every user every time they access the network. This prevents the user from accessing systems or data they are not authorized to use, and keeps the network safe if a user’s laptop or other “authorized” device is stolen. If your company keeps all users logged in to your information system without any time limits, monitoring, or additional authentication, it would be very easy for a bad actor to breach your network from any open workstation. While Zero Trust can be difficult for smaller companies to implement, it should at least be a goal for your organization to work towards.
Fostering a Strong Cybersecurity Culture
Every workplace has its own culture. If the toxic cybersecurity culture traits in this article seem a bit too familiar, now is the time to work on a culture shift. Security Awareness Training and cybersecurity education are great ways to teach your workforce about the importance of cybersecurity. For more tips and a cybersecurity consultation, contact your Digital Agent.
Kate Lewis
Technical Writer & Content Strategist
Digital Agent
Follow Us:
