Recently, Awecomm conducted our 2021 Technology Strategy Trends survey that went out to businesses in South-Eastern Michigan. There were a number of surprising results from this survey. One result we found especially interesting was that 45% of businesses indicated that they felt they qualified as a security-focused organization. While this percentage is great to see, it surprised us because we’ve rarely seen security-focused organizations out in the field. This begs the question: do organizations know what it means to be security- focused? Why is it important, and what does it take?
The 3 Main Components of a Security-Focused Organization
You have the right security tools in place and policies for those tools
First off, do you have the right tools in place to secure your business? Your devices, WiFi, and applications are probably password protected, but this alone is not enough to keep sensitive information safe. Consider implementing the following tools if you have not already done so:
Add another layer of protection by implementing a multi-factor authentication solution like DUO SSO. This provides a seamless authentication experience and minimizes the number of passwords to remember while keeping data secure. When using single sign on, you verify your identity using an additional authentication method like your mobile phone to prevent anyone but you from logging in, even if your password has been compromised.
Not all devices need to be hacked to cause a breach. Many are stolen, so you must make it hard to access the information within them. Most laptops (Windows, Apple) can be encrypted for free by using built-in tools like Bit Locker and FireVault. Additionally, most Apple and Android devices come encrypted by default (check under security in the settings menu). Here’s an easy guide to get you started from Gizmodo. Encrypting your laptop or device can go a long way in preventing a thief from gaining access to your data.
Password Management Tool
It’s common knowledge by now that each password you use to protect your data needs to be complex and unique. The problem is that these are difficult to remember, so people usually resort to storing them all in a word document or in the Notes app on their phone. If this document got into the wrong hands, that opens the possibility of someone gaining access to all your important accounts and information. Using a password management tool, on the other hand, is proven to be extremely safe and free at the most basic level. There are many different options out there, but the three most popular are LastPass, Dashlane, and 1Password.
You’ll also want to consider less obvious areas that need protection, like social media (that of your organization’s and that of your employees), how sensitive information is handled, and security protocols for applications and software. If you use SaaS products, be sure to check your agreements for proper security and make sure cybersecurity policies fill any gaps.
All the areas above need policies around them to provide clarity for your team. Consider implementing an Acceptable Use Policy, which defines how your organization’s hardware should be used and explains the security around the equipment. Other policies can be put in place to define which information systems and data the employee has access to, password lifecycles, and the use of personal devices at work.
You provide security training for your employees
Whether provided by your company itself or your IT provider, technology training should always be given to employees. This includes insight into any security tools you use, as well as a set of communications and actions that communicate the importance of protecting company data. Training should also provide basic information regarding the tools you’re using, tips for spotting suspicious links or suspicious activity, and updates on current threats. Keep your team informed when ransomware or a phishing attack is on the rise so they can be extra cautious.
Create a data breach plan that outlines a set of actions and communications required in the event of a breach and provide this to your team during these trainings. The more transparent you are about these threats and the more consistent you are about training, the less vulnerable you will be to an attack. Check out this blog post to learn the impact effective tech training can have on your organization.
You integrate data security into your workplace culture
Integrating security into your company’s culture requires time and effort. Since the majority of data breaches happen due to human error, you must instill the idea that security is a part of everything your team does. You can train your team to recognize threats, but they must feel attached enough to their workplace to feel the need to keep it safe. They need to truly understand the risk to the business and by extension the risk to each employee. One way to do this is to let everyone know, from the CEO down to the new intern, that they play a huge role in the business’s security efforts. You can go a step further by incorporating security messaging into your mission statement and other brand messaging.
Another way to do this is to make your meetings on security awareness and training fun. Buy lunch or breakfast for the team. Host meetings during a “happy hour” at the office. Offer some time to socialize before diving into the serious stuff. During these meetings, give a shout out or reward to those people going above and beyond to protect the company from threats. Make everyone feel important because they are! They are on the front lines protecting your organization from attacks. Let them know how much you appreciate that.
There has never been a better time to make data security a priority for your organization. Remote work poses many potential risks to businesses. Even if your entire team is still in the office, it is important to know that as long as technology continues to advance, so will threats to that technology. Beginning the process to implement these three components will take some time and investment. Keep in mind that the alternative is a data breach that could cost hundreds of thousands to remedy.