User education
Everyone knows that, for cybersecurity, 2021 is set to be another huge year. Advancements in technology open up new possibilities, but they also open up new cybersecurity challenges. The cloud is one great example of this. Still, there can be a tendency for companies to want to put too much of the burden for cybersecurity on the users of the system. It is important to understand that this approach can actually have a negative effect if not applied correctly.
Most employees are trying to do a good job and care about keeping the company’s technological assets secure. Still, cybersecurity trends in the industry might make it safer, but they also make life harder for the average user. Password policies across multiple systems mean plenty of headaches in trying to figure out how to log in. Then, there is the constant war with outside entities. You have phishing scams, outright hacking attempts, and the constant threat of ransomware. To a seasoned IT professional, a lot of these threats are easy to spot, but to the average user, it can be really easy to fall for one of these ploys. When we do have an employee that clicks a link or gives too much information, it is very tempting to use a punitive approach to compliance. This often backfires.
There are two possibilities for the users under a punitive-minded cybersecurity policy. They will either be so careful that they are unable to perform basic duties for fear of doing something wrong or they will be so embarrassed or worried when they do something wrong that they will not want to report it to the team. Creating a culture of fear of punishment can actually result in less compliance. There is less trust that if you report something it won’t be used against you in the long run. People will try to cover up mistakes when reporting it right away could stop others from falling for the same scheme and making the company’s systems vulnerable.
For cybersecurity 2021 is a time to think about more of a team concept. As new cybersecurity trends develop, companies should encourage employees to feel like they are all in this fight together. We should reward employees for speaking up and get away from the culture of punishment and embarrassment. After all, the war on cyber-crime will probably not be won at the higher levels of the IT department. It’s the everyday user that will always be the target of hackers, and we must realize that we need every user being vigilant while somehow not making security so intrusive as to make productivity go down. This is the challenge every company faces.