Build A Culture Of Cybersecurity To Protect People From Cyber Threats

October is Cybersecurity Awareness Month, an annual event that promotes safe online behavior and encourages organizations and individuals to do their part in the fight against cybercrime.

With the growth of online threats and increased digitization of our personal and professional lives, maintaining safe online behavior has become essential in organizations’ efforts to halt devastating cyberattacks.

Building a culture of cybersecurity that permeates every layer of the organization is an important step to push back against cyber threats and ensure companies can work protected.

Read Also: CA And Tech Giants Launch A Cybersecurity Bootcamp And Hackathon

Cyber threats put security awareness in the spotlight

In Mimecast’s State of Email Security 2023 report, two-thirds of South African respondents said cyberattacks are growing increasingly sophisticated. 52% reported being harmed by a ransomware attack, while 92% said they were targeted by email-based phishing attacks.

In response, organizations are deploying layered security strategies that protect data and communications. Additionally, one of the most important components of any strategy is protecting people, which includes offering regular and impactful security awareness training.

Unsurprisingly, 99% of organizations surveyed as part of Mimecast’s State of Email Security 2023 report provide some form of cyber awareness training to their employees. By educating employees about different types of cyberattacks and how to avoid them, organizations minimize the human errors that are often the cause of breaches.

Yet, despite offering training, eight in ten respondents still believe their company is at risk due to inadvertent leaks by careless employees.

Why the disparity?

For starters, just because training is being offered, doesn’t mean it’s happening on an ongoing basis. Regular training will constantly remind employees of safety best practices, keep cybersecurity top of mind, and acquaint them with the latest cyberattack types and techniques. This is the first important step in creating a cyber-aware culture.

Measuring for success

One aspect of organizations’ security awareness efforts that is often neglected is measurement. Without measurement, organizations can only hope their awareness training efforts bear fruit.

After all, employees simply going through the motions of the security training program are unlikely to offer much resistance against cyber threats. What matters is that the awareness training program changes behavior.

And while organizations can certainly augment their human capabilities with security solutions designed to detect and avoid threats – for example, AI-powered security providing contextual warnings to end-users in real-time – nothing can match a cybersecurity culture that permeates the entire organization.

An important step toward establishing an effective security awareness program is setting top-level goals such as risk reduction, enhanced workforce behavior, and reputation protection.

When these goals are tied to broader business objectives, security teams are more likely to design and implement security awareness programs that support business priorities, empower employees, and strengthen the organization’s security fabric.

Building a cybersecurity culture

While every organization’s needs will be unique, the common qualities of an effective security awareness program include:

Starting with the basics

Although cyberattacks are growing increasingly sophisticated, it’s important to start with the basics. This includes healthy password hygiene (such as using complex passwords and not relying on single passwords for multiple online accounts), basic device safety (such as never leaving a laptop or computer unlocked and unattended and locking smartphones with passwords), and eliminating physical security mistakes such as leaving passwords stuck to laptops with sticky notes.

Read Also: Working Remotely: 5 Steps To Protect Yourself From Cyberattacks

Fighting the phish

In the past year, 59% of local organizations that formed part of Mimecast’s State of Email Security 2023 experienced an increase in email-based phishing attacks as the use of email continued to rise. Organizations should train employees to spot and avoid suspicious emails, links, and text messages and show examples of emerging threats, such as deepfake audio and videos.

Collaborating carefully

Collaboration tools have become indispensable to the hybrid work environments that have become the norm over the past few years. These tools can also introduce enormous risks to organizations. In new research by Mimecast, 93% of South African cybersecurity decision-makers said they have experienced a cyber threat via collaboration tools. And despite 79% saying they had effectively communicated the security vulnerabilities of collaboration tools to employees, 41% of employees claimed they hadn’t received any collaboration tool security training. To close the gap, organizations should provide specific training about the security risks inherent in collaboration tools.

Removing the fear

Companies that utilize emotive topics for the simulated cyberattacks they deploy as part of their training, such as emails about bonuses or salary increases, risk creating barriers to learning among employees. Instead, organizations should remove fear or resistance with simulated phishing tests that are more likely to make them stop and think, prompting positive employee actions. For example, avoiding clicking on risky links and reporting threats to security teams. The focus should be on rewarding safe online behavior, not tricking or punishing employees.

Read Also: Communications Authority Goes Ham On Training Young Techies On Cybersecurity Skills