With more consumers than ever before storing confidential financial, health, and other personal data in the cloud or on their mobile device, data security is front-page news. High-profile stories of electronic espionage are rampant, giving consumers pause about the safety of their confidential information and making executives nervous. In a recent survey of CIOs from across the country, 18 percent said their organization had experienced cyber threats or data breaches in the last year.
What’s more, only 38 percent of CIOs surveyed said they feel their company’s employees are very knowledgeable about basic security protocol, such as avoiding unsecure sites and unverified apps, and over one-fifth said they do not have a big enough budget to keep their firm’s data safe — a worrying sign that some companies aren’t walking the walk when it comes to taking data breaches seriously.
Building a security-savvy company requires creating a culture of e-safety. Here are some tips to help you get there.
Hire the right people for your security team
The first step toward neutralizing cyber threats is determining whether you have the existing in-house capabilities to implement a robust cybersecurity framework or if you’ll need to hire additional staff and/or engage consultants.
It’s critical to evaluate data-security candidates in these three areas:
- Certifications: There is no industry-wide requirement for a security expert, but most companies seek out common IT certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or credentials from CompTIA.
- Future focus: Due to the evolving nature of cyber threats, security experts must be innovative and intuitive. That way they can help you develop a framework that allows your business to grow while keeping your data safe.
- Soft skills: For best results, your data security team needs to work well with people in every department. This means having good interpersonal skills, such as the ability to “translate” IT-speak for non-technical audiences and get stakeholder buy-in for major projects. You can test candidates’ judgment and communication abilities by asking hypothetical questions, such as, “How would you train senior management in a new security procedure?”
Recognize that cybersecurity is everybody’s job
From an organizational point of view, cybersecurity is often considered a subsidiary of the IT department, something for just the CIO or CTO to worry about. In this digital era, however, data security is everyone’s business.
For most organizations, the biggest threat is not outsiders hacking their databases, but rather insiders who don’t understand how to prevent data breaches. This is the weakest link in any security system and it comprises everyone who touches company data. Whether employees fall for tricks such as phishing scams or lose company mobile devices, your staff could expose you to data breaches that your security team cannot prevent.
Effective internal training is key. The CIO survey revealed some popular approaches to this issue. Almost seven in 10 of respondents said they organize regular information seminars for company employees, and 49 percent sometimes test staff by sending fake phishing emails and observing how people respond.
Another fun method used by 59 percent of respondents is to gamify data security. They hand out points, badges and other forms of recognition for positive actions such as reporting phishing emails, preventing tailgating at entrances (because physical security is a major part of data security) and keeping software up to date.
Becoming a security-savvy company is a basic matter of reputation and corporate survival: If customers aren’t confident they can trust you with their data, you soon won’t have many clients. Making that journey means getting the right expertise and creating a security culture, but most of all it means getting everyone to take data security much more seriously.
David Sheehan is a branch manager of Robert Half Technology, a leader among IT staffing companies that provides skilled IT professionals to match IT staffing needs. He leads staffing and recruiting for two Robert Half companies, Robert Half Technology and The Creative Group, in metro Atlanta.