A recent study by the University of Phoenix reveals that, despite the rising tide
of cyber attacks across businesses and industries around the world, more than
20% of U.S. adults have never heard of popular cybersecurity jobs. Only one in
10 survey respondents were familiar with cybersecurity job titles, while two of
every 10 had never heard of them. Per a report covering the research in TechRepublic,
U.S. adults were most unfamiliar with penetration testers (52%), white hat
ethical hackers, and computer security incident responders (46%).
“This unawareness and lack of knowledge on
cybersecurity leaves Americans even more vulnerable to attack,” wrote TechRepublic reporter Macy Bayern.
So, if employees know little to nothing
about who helps them protect their company from cybercrime, then as the CompTIA
Cybersecurity Advisory Board puts the issue in its recent executive
a Culture of Cybersecurity,” employees become the biggest
cybersecurity risks your business faces in today’s heavily digitized
But there’s a paradox here. While employees
are your biggest risks in cybersecurity terms, they are also your greatest
asset when establishing a cybersecure culture within your firm. In a very real sense, you
cannot do it without them. That’s why we advocate so heavily for cybersecurity
awareness and education – and advise senior executives of small to
mid-size businesses (SMBs) to lead the way.
3 – Your Employees Are Your Biggest Risks – And Assets
We gleaned three points from CompTIA’s white
paper to help you take initiative in cybersecurity training:
- Work from the Top Down – Upper management (like you) has outsized
access to data but often receives less training. Training in everyday
cybersecurity measures can help you and your top-level managers evaluate risks
and behaviors more effectively – in yourselves and your staff. When we wrote
“lead the way,” we were being literal.
- Keep It Crisp, Keep It Going – Make training for all employees short,
frequent and grounded in real-world scenarios regardless of level of authority
and work responsibility. Conduct sessions in small, digestible units. And then,
seek feedback. Which cyber-threats are employees seeing out there? How have
they changed their approach to these threats? Are they reporting issues to the
IT team? Your follow-up questions should reinforce the cybersecure values you built
into your company structure.
- Control What You Can – No organization of any size in any industry can
eliminate human error completely from business operations of any type. So, your
company always will have some level of cybersecurity risk. But you can mitigate
and minimize this risk by restricting access to data. Gather accurate data from
across your organization on how many users have access to what levels of data—especially
your “crown jewels.”
need to go it alone. Your IT Managed Services Provider (MSP) can
support and help with your cybersecurity awareness and education programs.