Be cyber-savvy: Employees should not be secondary to technology

“Our employees are our greatest asset” is a phrase that continues to be published far and wide in a plethora of company profiles, human resources sections in annual reports, motivational speeches and so much more.

“And while it does sound a whole lot better than a CEO stating ‘our employees are our greatest risk’, in the digital era the second phrase may be more apt,” says Anton Jacobsz, managing director at value-added distributor, Networks Unlimited.

“What must be noted though, is that the ‘employee as a risk’ view is not one where staff members are viewed as malicious criminals. It is acknowledging that employees need to be educated about cybercrime, and how their negligence of company security or naivety about the use of company platforms can put the entire business, its partners, associates, customers and themselves at risk,” Jacobsz points out.

The notion that strong employees are the army to win in today’s highly competitive digital world could thus also be seen as employees standing strong and forming the first line of defence when it comes to fighting impending cybercrime.

At the end of last year, the World Economic Forum published an informative piece by Willis Towers Watson employees, Anthony Dogostino, global head of Cyber Risk, and Suzanne McAndrew, managing director, head of Talent Business. The article states: “Employees can be the strongest asset in an organisation’s cybersecurity strategy. However, it takes more than technology solutions to turn them into your first line of defence against cyber threats.”

The authors list three steps to “help organisations build a strong, cyber-savvy culture”.

Says Jacobsz: “Of interest in the write-up is how the focus remains on traditional human resources basics, that is the 101 of employee behavior, tailored training and skill gaps. It is thus something every organisation can do and which many have also done historically following major paradigm shifts. Of course, changing culture is not simple, but proven practices can be adapted with great results.”

Looking at the steps by Dogostino and McAndrew, the following is highlighted:

·        A cyber-risk assessment survey: “By having employees answer questions related to their awareness of cyber risks and their behaviour in response to threats (for example, does an individual send important or confidential information by e-mail using password protection?), an employer can develop a profile of the groups most in need of attention.”

·        Opportunities to learn: “Because employees will have different levels of awareness and knowledge of cyber risk, it is essential to tailor ongoing training initiatives to different employee groups.”

·        Forward-looking training strategies: “Given the information security skills shortages in many economies and evolving talent requirements, it is essential to assess skills gaps at regular intervals and determine how to best fill those gaps – either by hiring new talent or upgrading the skills of existing employees. An ongoing opportunity to learn new skills also gives high-value employees a reason to stay with their organisation.”

“Cybercrime is on the rise and is here to stay – for now. In this context, company culture can simply not be seen as being secondary to technology. Now, more than ever, it’s time to place your culture in the starting blocks in order to be on your mark, reset any potential weaknesses and go forward at a powerful pace,” concludes Jacobsz.