The coronavirus pandemic and the Russian invasion of Ukraine significantly contributed to the increase in the activity of cybercriminals. Both big and small companies are also targeted. Ransomware attacks are becoming the standard of the modern world. CEOs and managers know this, but do the rest of the employees do too? How does company culture contribute to increasing cybersecurity?
Today, businesses suffer ransomware attacks every 40 seconds. The numbers speak for themselves – cyber attacks are increasingly common. Companies must properly secure their systems. However, investments are ineffective if the employees themselves do not know or ignore the rules of responsible and cautious use of the internet.
Organizational culture and company security
A properly built organizational culture clearly defines the company’s functioning rules. It is not only about image coherence or the compatibility of the values of the people who make up the organization but also about cyber security. A company culture based on open communication, awareness, and accountability is the key to optimal protection. But how to start implementing it?
Building awareness and a sense of responsibility
Introducing regular employee training should be the first step to increasing your company’s security. No, even the best and most expensive software or equipment will not be effective if the people using them are unable to recognize and report the threat.
Training is not about forcing employees to watch boring lectures or handing them brochures with dry facts and instructions. Of course, communication about threats is important, but training is needed for people to be able to react appropriately during a crisis. Simulations are a good solution – they not only allow employees to familiarize themselves with the plan of action in the event of an incident but also allow management to check whether the implemented processes are effective and what should be focused on more.
Training employees should address the issues that most often cause companies to fall victim to cyber attacks. It is worth theoretically and practically covering topics such as:
- Phishing. This is a method used by scammers to impersonate people or institutions that are trusted – management, co-workers, or business partners. Since the pandemic outbreak, more and more criminals are taking advantage of the fact that people are willing to give them confidential information without checking precisely who they are contacting.
- Use of the software. Building an organizational culture should go hand in hand with investing in security tools. Antivirus software or a VPN with an URL scanner for remote work (and not only) is necessary on every work device, but it is also important that the employees themselves know how and when to use these tools.
- Remote work. After the outbreak of the coronavirus pandemic, remote work has settled all over the world. Many employees do not want to return to their offices if the specificity of the position does not require it. However, remote or hybrid work involves the implementation of security measures and awareness of the employees themselves about what activities are potentially harmful. For example, connecting to company servers via public Wi-Fi without additional security (e.g., in the form of a VPN) is not a good idea.
Constructive communication and safety culture at work
Sometimes even regular training and the most sincere willingness are not enough. Equipment breaks down, and people make mistakes. In building an organizational culture, it is also, perhaps above all, important to create an atmosphere that allows for efficiently detecting problems and dealing with them.
So there is no room for blame or punishment. After all, people who feel comfortable are more likely to point out potential weaknesses in systems, learn from mistakes made and build a company culture based on cooperation and responsibility.