The number one reason for cyber attack breaches isn't technology malfunction, it is people. Employees' behavior represents on of the biggest risks to cyber security. Organizations attempt to manage cyber risk through technology solutions. While ensuring that your technology stack meets current security standards is crucial, the mere presence of this technology won't ensure cyber security. The missing link is your employees behaviors.
Employees' behavior represents one of the biggest risks to cyber security.
Many organizations offer online training to educate employees on security issues. While training is a useful foundational step, it can't be the only step. Building cyber security into everyday decisions, actions, and behaviors is crucial to ensuring cyber security. Managers need to make cyber security part of their management process. Making is part of team meeting agendas raises awareness and allows for sharing of best practices. When projects are being undertaken, part of best practices include assessing technology and data security. Technology management must be integrated role responsibilities across the organization. In addition, technology management including cloud service upgrades, certificate renewals, and vendor security protocols must be monitored.
Managing an organization's technology adoption and change process is crucial to ensuring data security.
From a people engagement perspective, managers need to regularly engage with their team on the issue of data security. While policies may exist about keeping desks clean, securely storing laptops, and not emailing personal identifiable information (PII), it is up to managers to have regular checkins with employees on both physical asset and data security. Employees need to understand how to work securely especially when using a public access WIFI. With the increasing prevalence of work from anywhere, the need for engaging employees on data security is especially crucial.
The following is a list of six top mistakes made by organizations when managing their technology stacks and digital transformation highlighted in a recent WSJ article
1. Focusing on technology rather than employees
2. Depending upon training rather than behavior change
3. Leading with poor examples
4. Not analyzing decisions through a cyber security lens
5. Focusing on prevention at the expense of building resilience
6. Underestimating the competitive advantage of building security and resiliency into your organization.
If your organization has been involved in a significant cyber security breach, these points will resonate with you. Managing an organizations' digital transformation adoption and change process is crucial to ensuring data security. Tool selection and management is only part of the process for successfully leveraging technology. As we evaluate an organization's risks and opportunities, cyber health and resiliency must be on leadership's top priority list. In our practice, we often say, more than 50% of a digital transformation budget must be allocated to adoption and change management. Once a digital transformation has been completed, digital and AI tools and processes must continue to be integrated into roles and responsibilities for ongoing monitoring and support.