Role of Employees in Cybersecurity

Cyberattacks have been in the picture since the advent of the internet, although insignificantly at first. Few decades hence, each of us supply and consume data with almost every action we perform, so much so that we may now be considered as ‘data points’ in the digital world. Data and information is extremely crucial for any business, and various cybersecurity tools and softwares are deployed in order to guard this data. Despite this, cyberattacks still occur and occur more frequently than ever before. Clearly tools and softwares are inadequate, clearly we’re missing something more. And when one traces back this missing piece, one finds the element that was always there but always overlooked - the human element.?

The human factor is the portal for cyber attackers in majority of the cases (see link to HBR article).

In a five-year research study, the researchers were successfully able to penetrate 96% of the security systems across 1,000 banks just by using human psychology.

Cyber attacks may not only cause financial losses and hamper productivity, but may also dent the reputation of an organisation. In order to shield itself from cyber attacks, organisations need to go a step beyond security tech and incorporate employee and leader behaviour as a part of the company’s culture. This vigilant, security-aware ‘human firewall’ enables a collective effort towards protecting the organisation’s intellectual property and confidential information and must go beyond a mere training session to effectively imbibe mindset and behavioural changes.?

In order to put such a culture into effect, we really like? Robert Cialdini’s work on the principles of influence which may encourage people to support company policies and follow prescribed practices:?

1. People are more likely to comply with policies when they come from a person who is in a position of authority.?
2. People may act consistently in accordance with behaviour they have portrayed in the past.
3. People are influenced by the actions and opinions of the social majority.
4. Treating someone in a certain manner may encourage reciprocity.
5. People will go the extra mile in order to protect something that is seemingly scarce.?
6. People may tend to be more influenced by people who are like them or people they can relate to.

Here are six key recommendations that serve as simple and cost-effective ways for leaders towards the abatement of cyber risks by incorporating a robust organisational culture against it:?

1. A formal security policy: This often makes employees more likely and obliged to follow best practices with respect to confidential information of the organisation. For example, CISCO requires its employees to sign a code of conduct annually to protect the company’s intellectual property and information assets.?
2. Lead by example: Senior leaders should promote best practice and behaviour that is in the best interest of the organisation. Further, they must also share their personal experiences, both positive and negative when they may have not followed best practices, in order to highlight its importance.?
3. Elicit reciprocity: There is a pervasive social norm that dictates if someone gives us something, we feel obliged to return the favour.? Senior leaders should be aware of this powerful influencing technique and use it to strengthen a security-aware culture in the organisation and be creative with ways to engender a focus on security.?
4. Leverage scarcity: Going by the human tendency to preserve what is scarce, leaders can promote security awareness by publishing what classifies as scarce or sensitive information for the organisation, rather than having to constantly protect all information. They must also mention the “why” behind this protection and what the employees and the organisation could lose if the data were to be compromised.
5. Be like those you lead: The leaders can practice empathy and share their own experiences and learnings related to a security culture and how these made them more approachable and identifiable, thereby increasing the chances that others will follow their lead.
6. Leverage the value of authority: Employees are more likely to adopt and follow best practices when they come as instructions from a senior leader or position of authority. However, such leaders must themselves be well aware and must practice what they preach.??

Is your organisation strengthening its human firewall??

Click here for more info!