In the Solutions Review Cybersecurity Best Practices articles, we have a common refrain: your employees are your enterprise’s biggest attack vector.
This means that your employees constitute either your greatest strength or your greatest vulnerability, depending on their knowledge of and training in cybersecurity best practices. Obviously, deploying and maintaining a cybersecurity solution is an essential aspect of any security scheme. However, every solution needs to be paired with human cybersecurity to function optimally.
On the more technical side, only human cybersecurity can sort through the deluge of security alerts generated by SIEM or EDR solutions. On the more day-to-day side, only human cybersecurity can maintain your enterprise’s IT perimeter by preventing phishing attacks from entering the network. Therefore, strengthening your human cybersecurity is of the utmost importance.
So how can you get the most out of your human cybersecurity?
Transform Your Human Cybersecurity Into Your Tech Talent
According to a recent survey by LinkedIn and Capgemini, 55% of enterprises feel that the digital talent gap was widening, especially in cybersecurity. 54% said this widening gap is hampering their digital transformation programs, costing them a competitive edge.
The reasons why are hard to pin down. The growth of cybersecurity jobs might outpace the number of actually qualified STEM graduates. Alternatively, companies might be asking for levels of experience actually impossible to achieve. Either way, there are 3.5 million unfilled positions in cybersecurity, according to Forbes.
In that same LinkedIn/Capgemini survey, 42% of employees feel that in-house training technology programs are “useless” and “boring.” Yet those in-house training programs are the best way to ameliorate the technical knowledge training gap. Many of your employees might have hidden STEM talents and interests not fostered by the American education system. If you can’t appeal to these buried interests, however, buried they will remain.
Instead, you need to make your technology and cybersecurity training as compelling as possible to get your employees engaged. This can be done through elaborate team exercises or even through everyday gamification. This will help you educate your employees on best practices, encourage them to incorporate into their processes, and find the shining hidden talents in your staff.
If you think of finding tech talent in your human cybersecurity as farming, think of engagement as water. Talent can’t grow in a drought of interest!
Curtail the Unexpected in Your Human Cybersecurity
Recently, Telstra—Australia’s largest telecommunications corporation—ran a phishing exercise to evaluate how ready their employees were to deal with a social engineering attack. The message, sent to multiple employees, tried to convince them to click on a message notifying them of a package in the mailroom.
While some employees did fall for the scheme, most of them instead went to the analog mailroom to determine if they did indeed receive a package. It ended up crowding the mailroom, causing confusion.
The incident illustrates an oft-forgotten truth: human cybersecurity is an essential resource but one with the least predictability. A cybersecurity solution will respond in recognizable and rational ways to a possible threat. Humans aren’t guaranteed to do the same.
Therefore, to make the most of your human cybersecurity, you need to minimize this unpredictability as much as possible. Having, implementing, and training your employees in an incident response plan is thus an essential first step. It helps employees understand the lines of communication and chain of command regarding cybersecurity. If they suspect a threat, they will know who to contact and how, instead of flooding individual departments with inquiries.
Your human cybersecurity shouldn’t clog up your other business processes in trying to stay safe. They should instead work with them to create the strongest perimeter possible.
Don’t Inspire Paranoia
If you have even a passing knowledge of modern cybersecurity, you probably have what might be termed “the burden of knowledge.” You know what could really go wrong if your human cybersecurity or endpoint security fail. You know how much damage your enterprise could suffer, both short and long-term, as the result of a data breach. You know how varied the digital threats are and how quickly those threats can evolve to penetrate your network.
However, we as a field can allow our (well-justified) concerns to become paranoia, and the unfortunate truth is that paranoia is rarely productive. If employees become convinced hackers will penetrate the network no matter what they do, they may become more neglectful in their actions and create a self-fulfilling prophecy. Others might become paralyzed with fear of the wolves behind the digital door. The former creates a new kind of security hole, while the latter can damage your productivity and business processes.
As part of making the most of your human cybersecurity, show your employees the impact they can have on your digital safety by following best practices. A simple change in tone and emphasis—from reaction to proactive, from being driven by fear to being driven by determination—can make all the difference.