How to Make Everyone a Defender of Security
Empower all your employees to be responsible for security practices
Who is responsible for security at your organization? Is it the CEO, CFO, CIO, CISO or marketing? The answer is that it's everyone's responsibility. That's right, it's everyone's. But the problem I see in many organizations is that people just don't take it seriously.
For example, have you ever heard any of these phrases before?
It's not my job.
It's not my responsibility.
Nobody ever told me that.
Somebody else can deal with that.
If you have, you are definitely not alone.
In this day and age, many people are simply looking out for themselves and have a single-minded mentality that does not help organizations protect and defend against the ever growing and sophisticated cyber-criminal.
From day one of your career until the day you retire, security should be inserted into your job description. In fact, I believe all information security responsibilities should be clearly defined and written into each and every employee's job description.
An easy way to start empowering your employees to take responsibility for your organization's security is through an awareness training program. Here employees will learn how to take ownership practices and have greater situational awareness of what they are trying to protect and why. After all, if employees have a sense of ownership and responsibility, they typically tend to take more pride in their work because of the positive impact they have on bottom line results, growth of the business and its reputation in the market.
We all know there is no silver bullet solution to combat the rise of the bad threat actors and cyber criminals, but if your employees are educated and their job description requires them to help protect the organization's crown jewels then maybe, just maybe, the chance of that breach goes down.
According to various surveys, 64 percent of high school students in the U.S. do not have access to computer science classes or other courses that would help prepare them for a career in cybersecurity. To top that off, more than 209,000 cybersecurity jobs in the U.S. are unfilled and job openings are up 74 percent over the past five years, with the likelihood of demand growing 37 percent from 2012 to 2022. With this massive shortage of skilled resources, it is now more important than ever to rise up and contribute.
By making a slight inexpensive adjustment to your security policies and additional daily rigor, an organization can see a significant impact in helping your already overburdened security staff. Let your security staff do what they do best, like hunt malware and defend against hackers, instead of always being the ones that are hunted.