You want to protect your company from online threats. One of the most important ways to do this is to create a culture of cyber security within your business. Doing so takes time, but will ultimately protect you in the long run. Follow these seven strategies and you’ll turn your workplace into an environment of cyber-secure literacy. Focusing on the internal environment is as important, if not more, as focusing on external threats.
1. Write it into your business strategy. Grab your copy of the strategy right now. Read over it again. What do you have in there that states your goal for cyber security? How have you integrated it? If it’s not in there, it’s time to write a new revision. With our hyper-connected world, it’s a must have. Put cyber security goals into your business strategy. Make it a part of your strategic objectives. Weave it throughout your tactical plans. Define metrics to gauge performance. Cyber security needs to be a part of your strategic vision.
2. Consistent employee training. Reinforce your cyber-security-aware business strategy with regularly scheduled employee training. Our OpenVPN study found that employees have a ton of bad habits online. They’re either your biggest security asset or your biggest risk. The choice is yours. Train them to be assets.
3. Cyber security job titles. Put those security roles right on their business cards. While there are traditional roles such as security analysts and chief information security officers, you can add specialized titles to employees' roles as well. Ideas might include intrusion detection specialists, penetration testers and computer security incident responders. If everyone is trained on how to handle and respond to problems, you could add that last title to the entire staff!
4. Monitoring and detection. You can’t respond to problems if you don’t know they’ve happened. You need constant monitoring and detection on your network and website. Setting up a VPN is a great way to monitor traffic within the network and keep outside connections out completely.
6. Defining the plan. Do you have your security plan defined? Start by putting it together and writing it all down. It’s an important process that every business needs clearly stated, regardless of size. We have some tips to get you started: “Where should you start to create a strong cyber security framework?”
7. Testing the plan. If you have a plan in place but don’t test it out, you may have failures. Test the steps. Test your backups. Test your response plan. Then rinse and repeat. Setting up a schedule to revisit and test your plan regularly will keep you on top of your security game. You will need to adapt and change it constantly as security threats evolve. Get your employees involved in a fun way by offering incentives, something we’ve found works at OpenVPN. Reward them for reporting obvious red flags. The best laid contingency plan won’t do a thing if it happens to fail on the first step!
We echo this business-culture advice from OpenVPN's CEO, Francis Dinha: “It’s not about how much money you raise. It’s all about the type of people you attract to the company.” Share with your employees and thank them for creating the successful culture helping your business to thrive!