Defense in depth using multiple layers of security technology is critical in protecting your organization from cyber attacks. That’s a given. However many CEOs and business owners still have trouble understanding how company culture can play just as big a role in your cyber survival. The common belief in most organizations is that they will never be attacked when most likely they already have and they just don’t know it. By coming to this reality and promoting a culture of vigilance CEOs and business owners can help prevent new attacks and contain ones that have already occurred.
So what types of things should they be doing to promote this culture of vigilance? To begin, they should be training employees early and often to be aware of the dangers that exist to the organization from cyber threats, and the affects it can have on the business if they are not careful. Recent studies show that 60% of small businesses breached go out of business within 6 months of said breach. That means those employee are all out of jobs! Making employees understand the real downside to them can be very powerful as they are making decisions about how to act when working with the company technology.
Next you should test their knowledge using social engineering techniques such as controlled phishing campaigns to see who was paying attention and who needs more training. This is not intended to embarrass or punish anyone, simply to emphasize the point about how important being vigilant is in a world where attacks are the norm not the exception.
Lastly you need to ensure that you are looking at your infrastructure from a hackers point of view to see where the possible breach points are and how you can protect yourself. Believing that these threat actors actually exist and employing the types of techniques they would use to infiltrate your organization and ex-filtrate your data is critical to your success in defending against them.
Employing these types of methods to instill a culture of vigilance in your organization can be the difference between being part of the 40% of business that survive and the 60% of business that fail after a breach happens.
Guest Blogger Michael Giuffrida has been growing and operating secure, profitable businesses since 1997. He is an experienced entrepreneur specializing in managed information technology and security services.