Image credit: Pixabay
Companies were steadily moving online long before the COVID-19 pandemic presented itself, but there were still holdouts reluctant to move on from their old working methods. The pressing need to keep away from office life changed everything almost overnight, birthing the current state of affairs: any company that can’t (or won’t) operate online will struggle to survive.
While the route to digital viability isn’t particularly intimidating at this point, with intuitive site builders removing the challenge of web development and familiarity with the tech world being at an all-time high, there are still challenges — and security is among the biggest.
Everyone knew how to handle security for a conventional office. Use locks, get a reliable alarm system, hire security guards to do regular sweeps, and avoid displaying valuable items. But how do you handle security for an online company? Cyber security is a different thing entirely, after all. It obviously requires comprehension and action, but there’s something else, too.
That something is company culture. Before you can nail your cyber security, you need to put some serious work into honing your company culture. Allow me to explain why.
Investment in employee wellbeing earns vital loyalty
It seems likely that most uses of the word “disgruntled” pertain to employees turning against their employers. When someone gets sufficiently frustrated with how they’re treated, they can reach the point of wanting to do whatever will spite their boss the most — and this can easily lead to the decision to undermine security (or even directly leak data).
Sabotage from within is something that you can’t effectively guard against through regular security processes. To prevent it, you need to focus on making your employees content in their roles. How broadly are you supporting them? Do you encourage people to take time off, reassuring them that their jobs are safe and you want them to be happy?
You should also make an effort to make useful suggestions and share relevant resources. Exercise is important during these tricky times, so why not recommend some exercises suitable for home workouts? There’s a great list of bodyweight exercises at SELF, for instance. And since we all have more free time, we can use it to improve our professional and personal prospects. Pointing people to productivity resources can help them get into healthier patterns (though be careful that you don’t come across as preachy).
Strong communication will work to reduce human error
Outright sabotage isn’t necessary for security to be impacted, of course. It’s far more likely that people will simply fail to understand what’s required of them, or why it’s so important that they follow instructions. When such an issue arises, it’s assuredly the result of poor communication — possibly between you and your employees, or perhaps between the workers.
Suppose that you rolled out a new guideline concerning password security, passing it to your team leaders and expecting it to filter to everyone in your company, but found that various workers didn’t understand it properly. This would tell you that your process of disseminating information needed improvement. Everyone should know it well.
Beyond telling people what they need to do, of course, you need to explain why they need to do it. An employee who’s loyal and understands your security processes might decide to disregard them because they don’t see them as important. Detail to everyone how enormously things can go wrong if your data isn’t suitably protected, and it’ll guard you against such a decision.
A good way to do this is by creating an internal knowledge base: tools like Crisp are typically used for helping brands serve their customers, but there’s no reason this type of technology couldn’t be used to ensure employees are kept informed about important company policies and procedures, including cybersecurity best practices.
You need people to feel comfortable noting their mistakes
Lastly, we must acknowledge another issue that gets in the way of security: people being scared to mention it when they get things wrong. If one of your employees isn’t sure about one of your security requirements, will they feel that they can tell you about it and not receive excessive criticism? If they suspect that you’ll be mad at them, they might keep it quiet.
And what if someone makes a major mistake like leaving admin login details on a post-it note in a public place? If they tell you about it, you can simply have the password changed and give them the new one: no harm, no foul. But if they don’t mention it then you can’t do anything about it, and those login details can be used against you.
We’re all suffering from caution fatigue to some extent, so mistakes are inevitable. Make it incredibly clear that the best thing your workers can do is be honest with you about any issues they face or cause, and back that up with your actions. If you can do those things, you should be able to proceed with much greater confidence.
These reasons outlined above highlight why it’s so essential to foster a healthy company culture when it comes to ensuring everyone is on board with cybersecurity. By prioritizing employee wellbeing, communicating effectively, and ensuring everyone feels comfortable in the workplace, you’re at less risk of suffering a catastrophe due to employee disgruntlement, ignorance, or apathy.
