How to Make Sure New Cybersecurity Processes Take Hold in the Office

Enterprise IT teams are well aware of what it takes to keep their networks safe — it’s getting the rest of the employees to play their part that’s the real challenge.

Rapid advances in technology have undeniably changed the way we approach nearly every aspect of our lives, but at the end of the day, they’re still just tools — and like all tools, they’re prone to the effects of user error. According to IBM’s Cyber Security Intelligence Index, an astounding 95% of all cybersecurity incidents involve some sort of mistake made by a human user. Sometimes these mistakes can be traced back to a company’s IT team, but in the vast majority of cases, nontechnical employees are the guilty party.

Preventing these errors is a two-pronged endeavor. First, IT professionals must craft a set of cybersecurity protocols that fit their company’s unique needs. These will typically include things like password complexity requirements, fine-grained account permissions, bandwidth limitations, and firewalls. Second — and this is the hard part — IT professionals must get these protocols to stick.

Most of us don’t enjoy making changes to our routine, especially once we’ve settled into a groove in our place of work. This all-too-common resistance makes it remarkably difficult to maintain robust cybersecurity across an entire enterprise. That said, with a bit of patience and a good deal of hand-holding, a talented IT team should be more than capable of protecting their company from its own employees without ruffling too many feathers.

Training, Training, Training

While it’s tempting to rush headfirst into a cutting-edge, forward-thinking cybersecurity regime, a measured rollout is almost always your best bet. IT teams should inform non-technical employees that a change is coming well in advance, and be as forthright as possible about why they are initiating this change (and why now). Just as technology benefits from a “burn-in” period before being deployed in the field, employees need time to work out any confusion or misconceptions they may have about the new protocols before they’re entrusted to enact them.

First and foremost, this requires comprehensive, ongoing training. Whether an enterprise is adopting an entirely new software suite or simply making minor adjustments to its existing password protocols, it needs to provide its employees with clear instructions as to how their behavior should change.

If the new cybersecurity protocols are at all far-reaching, a training seminar is probably in order. That said, such “classroom” learning must be augmented with on-the-job follow-ups, as adhering to a set of protocols in the “real world” is much different than watching an IT administrator demonstrate them on a projector.

When cybersecurity training is executed well, it reduces the per-record cost of a data breach by as much as $8 — or more than 5%. Unfortunately, as recently as two years ago, nearly half (45%) of US workers claimed that they had never received any form of cybersecurity training at work.

Once they’ve had time to “live with” a set of new cybersecurity protocols for a week or two, employees are bound to have questions about possible exceptions to rules and/or proper execution of specific actions.

As such, it’s often helpful for an IT team to assign a “specialist” to each new change in protocol — someone whose job is to address any and all inquiries employees may have throughout the transition process. The faster and more effectively this specialist is able to resolve any issues, the more readily employees will adopt new protocol changes in the future. It is therefore very important to fill this position with someone who is both a skilled technician and an adept (nontechnical) communicator.

Completing the Cybersecurity Picture

Ultimately, no matter how refined a company’s cybersecurity training is, there’s simply no way to guarantee that it won’t fall prey to a devastating cyber attack today, tomorrow, or the day after. Building employee awareness is absolutely critical, to be sure, but it’s only one piece of the security puzzle. Securing one’s networking infrastructure, for instance, is just as important.

That’s why many companies choose to augment their internal protocols by forming strong partnerships with cybersecurity experts like Turn-key Technologies (TTI).

At TTI, we have more than two decades of experience designing, building, and monitoring corporate networks that are as high-performing as they are secure. We recognize that cybersecurity is a team effort, and we’re ready to play any role necessary to help our clients avoid suffering a headline-grabbing hack.

By Tony Pugielli

04.20.2018

Sign up for the TTI Newsletter