Anyone who reads business books is familiar with military analogies for many aspects of running an organization – from strategic planning to operational efficiency. Leadership gurus encourage CEOs to read Sun Tzu’s The Art of War to learn strategy, as management consultants cite the work of famous generals for tactical inspiration. And speaking of generals, how many retired soldiers have penned books about motivating your sales force to victory?
Some see wisdom in these parallels between armies and businesses. Others find comparisons between the life-and-death struggle of battle and the dollars-and-cents skirmishes for revenue off-base at best.
But a compelling case for war analogies can be made when considering the current state of cybersecurity. Lives may not be at risk, but livelihoods are. Consider this statistic from the IBM-sponsored “2018 Ponemon Cost of a Data Breach Study”: The global average cost of a data breach today is $3.86 million, with the average cost for each lost or stolen record containing sensitive and confidential information floating around $148. These numbers are enough to put many companies in the red, if not out of business entirely.
Yes, the fight against digital opponents is creating millions of cybersecurity jobs; however, companies of all shapes and sizes across the full spectrum of industries are struggling to fill these positions with qualified technicians as fast as cyber crooks are inventing new malware.
Business security today truly can be cast as a cyber siege in the digital realm.
That’s why we advocate so often in this blog that businesses of all kinds seek help from IT Managed Services Providers (MSPs) skilled in the arts of cyber combat. But we also recognize that defending your company’s figurative battlements takes more than a cyber militia. Your corporate citizens – from C suite to front-line workers must join the brigade -- and the best way to arm them for the fight is cybersecurity awareness and education.
What's the best fortification? Here are five keys to cybersecurity training success:
- Involve Everyone at All Levels – No level of an organization should be exempt from cybersecurity training, especially the firm’s leadership. In fact, having top management participate in programs demonstrates the importance of the issue.
- Design Interactive Programs – Handing out manuals or distributing slideshows alone won’t make much impact or send the right message about the urgency of the issue. Engage staff by working with them one-on-one whenever possible and conducting a lot of Q&A.
- Require Commitment, Enforce Accountability – Equip staff with tools and clear instructions, and then solicit formal commitment to using those measures. To thwart complacency, there should be some form of concrete accountability if individual or organizational adherence to policy grows lax.
- Eliminate Ambiguity – Identify specific actions that pose risks, such as using random flash drives, provide precise instructions for avoiding those dangers. Communicate this information to the company on a regular basis. Cyber crooks work fast to develop new attacks; you should work fast to keep pace.
- Make Training Continual and Vary Techniques – Like any set of good habits, best practices in individual cybersecurity need repetition and reinforcement to take root. Stage training sessions more than once a year, and conduct other activities in the interim, such as newsletters, alerts, security checks, etc.