Leading the Charge in Cyber Awareness: How Business Leaders Can Set the Right Tone
Imagine this. You invest hundreds of thousands of dollars in the most state-of-the-art cyber security infrastructure, and a single click on a malicious link by an uninformed employee jeopardizes your entire organization.
Hopefully, that’s still a scenario you have to imagine and you’re not among the 52% of U.S. companies that reported having experienced a data breach as of February 2024 (Statista). An often-cited joint study by a Stanford University professor and security firm Tessian revealed that employee mistakes cause nine out of 10 data breaches.
Business leaders must understand that robust cybersecurity extends beyond technological solutions like firewalls and antivirus software. This realization comes with good and bad news.
The bad news? The human element is often considered the weakest link in cybersecurity. After all, we’re only human. We get distracted. We forget things.
The good? Your people can also be your most powerful first line of defense. However, achieving that takes strong leadership through comprehensive and continuous training.
The rise of remote work has amplified the need for cybersecurity awareness among employees. Remote work skyrocketed in early 2020, and, unfortunately, cybersecurity awareness training did not skyrocket along with it. Suddenly, employees were using their personal devices for work along with unsecured or vulnerable Wi-Fi networks.
And the trend hasn’t slowed down. According to a 2024 Gallup poll, 81% of U.S. remote-capable employees work remotely some of the time.
Remote work environments often lack the rigorous security defenses found in office settings, making them attractive targets for cybercriminals. Therefore, remote workers must be adequately equipped with the knowledge and skills to recognize and mitigate potential cyber threats.
Employee training should focus on several key areas to effectively build a human firewall.
First, employees must be able to identify and avoid social engineering attacks, particularly phishing scams, which are among the most common cybersecurity threats. Training should encompass various attack channels, including emails, text messages, and social media interactions.
Second, password hygiene is critical. Weak passwords are a primary cause of data breaches. According to the Microsoft Digital Defense Report 2024, 99% of identity attacks are password-based. Employees must learn to create strong, unique passwords for each online account and understand the importance of using tools such as password managers and multi-factor authentication for added security. (We lay out our password best practices in this article.)
Third, employees need to be aware of the risks associated with outdated systems. Cybercriminals often exploit vulnerabilities in outdated technologies. Regular updates of operating systems, applications, and other technologies employees use should be emphasized during training.
Finally, employees must understand their responsibility to maintain the privacy of their work-related technology. Unauthorized access to their work devices or systems by family members or friends can lead to security breaches. Safeguarding work-related technology is of utmost importance.
The phrase “it starts from the top” applies to cybersecurity awareness, too!
Business leaders play a crucial role in setting the right cybersecurity tone. Clear communication of cybersecurity protocols, fostering a culture of best practices, and empowering employees with the right tools and training can significantly strengthen your organization’s defenses. Regular, up-to-date training ensures your team stays informed about the latest threats and security practices.
And don’t forget to walk the walk. Business leaders will be more successful if they lead by example. They should participate in the training and follow the same rules everyone else has to follow.
Creating a human firewall is not a one-time event. It’s a continuous process that demands ongoing effort and dedication. Training programs should be a part of the orientation process for all new employees, regardless of whether they’ll work remotely. Additionally, periodic training sessions led by cybersecurity experts specializing in remote and on-premises work environments can keep your workforce informed about critical cybersecurity updates.
In conclusion, the most effective defense against cyber threats is a well-informed, vigilant, and proactive workforce. Businesses can foster a security-conscious culture by prioritizing continuous cybersecurity training, turning employees from potential cybersecurity liabilities into assets.