Ensuring a culture of security awareness

October 12, 2018 // Tori Taylor

Last Updated: February 03, 2022

Cybercrime has become a global “pandemic” – in fact, PwC documents that it is the second most reported crime worldwide. So sophisticated are its leaders, strategies, and digital tools that it has evolved into “cybercrime as a service.” It is costing organizations $600 billion annually, triggering compliance fines, alienating customers, and damaging brands.

These alarming headlines have pushed organizations to concentrate on defensive measures. However, too often, leaders overlook the internal cultural changes that can significantly mitigate their exposure.

Priorities are the Culture

Culture has become a popular buzzword, taking on many meanings. However, in terms of managing organizations, “culture” has a simple definition: The impact of a company’s priorities on how things get done. Those priorities force people into habits—some good, some that can create vulnerabilities.

The proven way organizations, large and small, can go on the offense is to create a culture of security awareness. This allows them to protect their network security at a time when operations require more and more third-party software support. A Verizon Enterprise study found that 73% of security breaches are caused by a third-party component. A secure enterprise/vendor relationship is built on policies, procedures, and personnel habits that limit risk.

Creating Habits

Promote these five habits to develop a culture of security awareness:

  • Common-sense caution. The classic example is refraining from ever opening attachments in an email. Verizon documented that 92% of cyberattacks originated with email.
  • Continually assessing how much access each third party should have. This establishes vendor accountability.
  • Controlling passwords. Compromised credentials are at the heart of 62% of network intrusions, reports a Microsoft study. Access management is an essential element of security culture. Third-party vendors should never see network credentials, and two-factor authentication must be required.
  • Respecting industry regulations. Compliance is everyone’s business.
  • Leveraging high-definition auditing tools. The ability to establish user accountability is key in addressing vulnerabilities. “Audit trails” provide priceless data for ongoing systems modifications and activity forensics.

Offense changes the game

Among the best practices for establishing the “right” culture for going on the offense are these four must-dos:

  • Agree on a common security vision. That requires buy-in from the top.
  • Make all employees recognize that they are the front lines of security. This should never be a stand-alone function.
  • Train. Train. Train. Education begins on the first day for the new hire and extends until the last day on the job.
  • Reward conformance. Incentives keep vigilance intense. Employees become the human eyes and ears for spotting vulnerabilities, including internal and third-party partners.

Creating a culture of awareness is the best way to mitigate security risks. You have a host of tools and talented personnel dedicated to DEFENSIVE strategies. Now it’s time to involve the entire organization – because a strong OFFENSE changes the game.

About SecureLink

SecureLink is the leader in managing secure third-party remote access and remote support for both highly regulated enterprise organizations and technology vendors. SecureLink serves more than 30,000 organizations worldwide. World-class companies across multiple industries including healthcare, financial services, legal, gaming and retail rely on SecureLink’s secure, purpose-built platform. SecureLink is headquartered in Austin with offices in San Jose, Costa Rica. To learn more, visit securelink.com.
