With the pressure of digital transformation on companies today, executives need to consider how to keep their organization safe amidst rapid change. Most businesses cover their security bases with the basics: advanced analytics, technology using machine-learning and AI, and baseline protocols. But in the face of today’s rising threats, the basics may not be enough. On top of that, the need to keep up may lead to oversight of key security measures.
A McAfee cloud security report last year found almost 40% of cloud services are commissioned without the involvement of IT. As a result, 65% of IT professionals think this interferes with their ability to keep the cloud safe and secure. The responsibility of safeguarding businesses must now extend beyond the purview of IT. So, what can leaders do to ensure they’re protecting their companies? McAfee has identified key first steps to build the foundation of an organization-wide culture of security in which every employee plays a role.
Begin with a vision and values that prioritize security
Employees can be the best defense or the greatest vulnerability when it comes to cybersecurity. Whether your company is in the business of security or another industry, getting staff to keep security top of mind in everything they do is critical. This begins with embedding security into the vision and values of the organization from the top down.
While McAfee has the advantage of its teams already living and breathing cybersecurity every day, CEO Chris Young knew more was needed to create a culture of security people truly owned. The leadership crafted The Pledge, a commitment all employees make to crystalize their dedication to security. To keep this top of mind, copies of The Pledge are posted throughout the office and included on notebooks and badge cards. Visibility and reinforcement from leadership is essential to maintaining the importance of this value.
Employ technology that supports rather than inconveniences
All too often new systems are put into place without considering the practical application for users. Change is always hard, but when technology updates result in additional steps or obstacles for employees, chances are they’re going to look for a shortcut. But these types of workarounds open doors to exactly the risks IT and security teams are working to avoid. By implementing technology systems that motivate staff to make smart decisions without overly burdening them, structures are put in place to inherently encourage secure behaviors.
Think security-first across all teams
It’s not enough to train employees to be security-minded in their online activities. Organizations need to think beyond that initial vulnerability and build security into every aspect of their business. This could include planning a step in the product design process that considers security implications. Or when drafting partnership agreements, a new clause may be added to cover security risks and protocols. HR teams can introduce a security-first mentality right from the start through the hiring and onboarding process.
Businesses have too much to lose if they don’t prioritize security at every level. Cybercrime costs companies hundreds of billions of dollars annually, even putting smaller firms out of business entirely. With more and more data to protect and cyber threats continually evolving, everyone must play a part in creating a culture of security.
Every executive wants to be sure they’re doing everything they can to protect their company. These starting points for building a foundation of a culture of security across your organization will help you think through your approach.