Perimeter-based security has often served as the first line of defence against cyberattacks. This ‘castle and moat’ approach treats the organisation’s network as a trusted space and places firewalls and other defences at the edges.
The challenge with this approach is that the network perimeter is eroding. In our new hybrid workplace, employees access and share data from anywhere, using multiple devices.
That’s why many businesses are moving to a zero trust approach. Zero trust includes the use of technologies like multi-factor authentication to secure individual data assets, as opposed to the perimeter they sit behind. Therefore, even if someone accesses one part of a network, they will not be able to move freely inside it.
Many businesses are also realising the need to strengthen all their defences and make security the responsibility of every employee.
The question is how can businesses elevate employees’ understanding of data security and equip them to play a more proactive role?
Here are top tips and practical examples on how to embed trust and security into company culture.
Educate and empower employees to keep data secure
The rise of remote working has made businesses more vulnerable to phishing, malware attacks,
rogue network access, and other cybersecurity threats. According to a 2021 report from IBM, phishing attempts alone rose 600%.
Advancements in security technology can help businesses protect against these threats and secure data at every touchpoint. However, many successful data breaches are the result of human error.
This issue was raised during a recent fireside chat with our customers on navigating the security frontier in 2022.
“Everyone in IT is aware there are seven layers of cybersecurity. One of these is the human layer and it is always the weakest point,” said Hasniza Binti Mohamed, Director, Digital & Incubation at UEM Sunrise Berhad, one of Malaysia’s leading property developers.
With this in mind, UEM Sunrise Berhad launched a new cybersecurity training program last year. The program included a series of online modules as well as a phishing simulation to test key learnings. A number of employees fell victim to the simulated attack, which reinforced the need for continual training.
“Security depends not only on process and technology, but also on people. In the current environment, we need to strengthen all three,” said Hasniza.
To ensure the success of awareness and training activities, it’s important to tailor content to business context and incentivise participation. In the case of UEM Sunrise Berhad, a leaderboard and prizes gamified learning and kept employees engaged.
Engage employees to stay productive and secure
Salesforce research into the role of technology in employee engagement confirmed that the quality of an organisation’s technology directly affects the quality of employees’ work. What’s more, 93% of office workers in Singapore say their experiences as consumers are increasing their expectations of workplace technology.
Employees want better workplace apps and the pressure is on IT leaders to deliver technology that improves employee engagement. The challenge is that 76% of IT leaders say their teams are not aligned with the rest of the business.
This misalignment can be heightened in the security space. For example, while every employee should have a vested interest in security, not everyone understands the language of cybersecurity. They might also not understand the impact threats can have on revenue, customer experience, and trust.
To engage with the business, IT and security leaders should start by translating security concerns into the language of risk. They then need to balance the risks with the business’ priorities.
Equip employees to build on a trusted platform
The relationship between security and business teams can be contentious. For example, the business may blame data security and privacy controls for slowing down innovation. However, data has become a critical asset and securing that asset should be at the foundation of any business goal.
The good news is that technology has evolved substantially. Today’s security solutions can actually help rather than hinder innovation. For starters, enabling teams to build on a trusted platform reduces risk, complexity, and the cost of compliance.
Teams can also embed security and privacy controls into the application development process using solutions like Salesforce Data Mask. This can help to accelerate innovation while protecting regulated data.
The bottom line is that businesses must prioritise security. Not only to protect their data, but also to earn the trust of their customers. A secure and trusted platform can help IT, security, and business teams to align on this goal and enable continuous innovation.
Download the IT Leader’s Guide to Data Security and Governance for more tips on how to simultaneously empower your teams and protect your data.