How business leaders can champion a culture of cyber resilience

Encouraging a cyber aware culture in the workplace.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Given the modern threat landscape and onslaught of more evolved attacks, cyber resilience is concern for every business as collectively we recognize that the latest technologies alone won’t be able to fend off every dangerous risk or threat. To combat this, companies need to create a culture of cyber resilience that aids all employees in easily enacting moderncybersecuritybest practices.

Because company culture is far reaching and vital to every employees’ success, it’s usually championed by senior leaders with holistic views of the company and its operations. It is vital that company leaders are familiar with the threat landscape and related online challengesemployeesface day to day in order to promote behaviors that encourage a cyber aware culture.

What does it mean to be cyber resilient?

Think of cyber resilience as digital fitness. It’s a business’s ability to keep moving forward in the face of adverse cyber threats. Because cyberattacks anddata losscan easily derail a business, it’s crucial to have the right tools, processes andbackuppolicies in place in order to strengthen cyber resilience and easily bounce back in the event of a threat.

Building cyber resilience at scale

While it’s comforting to know dedicated cybersecurity vendors or internal teams of experts are safeguarding employees and businesses online, it never been more crucial that everyemployeetake ownership in their online behaviors because some of the most comment threats, likephishing, are at record highs given the ongoing pandemic and the employee is often the target.

In fact, recent research detailing online behaviors and clicks habits of professionals workingremoteduring the pandemic found that in Australia and New Zealand, one in five people reported receiving phishing emails specifically related to COVID-19. 76% of respondents also admitted to openingemailsfrom unknown senders, an ongoing cybersecurity risk, with over half (59%) blaming it on the fact that phishing emails look more realistic than ever.

It takes time to adopt cyber resilient behavior into day-to-day routines but there are simple steps, like using uniquepasswordsfor all logins and never enabling macros from a document, that can keep end users safe from a range of common threats.

Investing in education and cyber awareness

If employees are not educated about cyber threats, they can’t be expected to properly defend against them. Cybersecurity awareness training varies in length and curriculum, but elements can include phishing simulations, courses onsecuritybest practices and data protection, and compliance training for important regulations like GDPR, HIPAA, CCPA, etc.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The most effective cybersecurity education empowers users to be a proactive participant in an organization’s security practice. Training is important at onboarding, but regular ongoing simulations, engaging content, and gamification will create and sustain true culture. Integrate cyber awareness in the minds and beliefs of staff and reinforce it at all levels of the organization on an ongoing basis.

To reinforce a cyber resilient culture, businesses should report on successes (like number of attacks blocked), latest risks and threats, and tips to staff about cybersecurity trends and best practices through internal newsletters, emails, remote check-ins, along with sharing external methods of validation such as videos and podcasts. Business leaders should incorporate reminders and updates about cybersecurity into All Hands meetings and other important company updates to underscore the importance and purpose of investing in cyber resilience.

By incorporating the above practices and considerations into company culture, businesses can significantly reduce risk while protecting their reputation, staff, and customers. When staff feel they are an integral part of security, that they have a collective responsibility, and that they can identify latest cyber threats, framed within their workplace culture, they help themselves and their organizations to avoid the potentially devastating effects of a cybersecurity breach.

Nick Emanuel is Senior Director of Product at Carbonite + Webroot.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace