Cybersecurity has become more important than ever – with ransomware on the rise, and companies realizing that remote/hybrid work models may be here to stay. However, with IT teams struggling due to limited staffing and high turnover, cybersecurity protection has also become more difficult to implement.
Consider these statistics:
There are approximately 2.72 million unfilled cybersecurity job openings, according to an October 2021 report by (ISC)².
A 2021 Gartner study indicated that 64% of IT executives believed the availability of talent was the most significant challenge for emerging technology adoption (including IT security); that’s compared with only 4% in 2020.
Cybersecurity teams are being asked to do more with less. While there are initiatives in place to actively try to fill that gap, there are tangible steps organizations can take right now, even with limited resources, to safeguard cybersecurity environments. Cybersecurity practices are most effective when they are integrated as a way of life for employees, rather than a once-a-year IT requirement.
Focus on data protection
A key issue for cybersecurity leaders is making people’s work lives easier by reducing the number of problems that they need to address, an effort often described as addressing alert fatigue. When it comes to ransomware, cyber-attackers look for the fastest route to sensitive data with the least resistance. It’s possible to safeguard mission-critical content by enacting the following data protection policies:
Require strong passwords. Complex passwords should contain at least 12 characters, combine mixed-case letters and numbers, and never have been used before.
Utilize multi-factor authentication (MFA). A strong password is no longer enough, as even unsophisticated software applications can compromise it. Adding a second authentication method through MFA, however, gives users an added layer of protection.
Disable inactive accounts. It is critical to ensure accounts are immediately disabled for users who leave the company, including access to all databases, applications, and other content repositories. Dead and dormant accounts can function as a playground for cyber-attackers since they are not monitored in the same fashion as active accounts.
Limit access to data on a “business need to know” basis. When authorization has to be managed for large groups, give users the least account privilege and system access that still allows them to be productive. This decreases the potential damage if an accident occurs or a bad actor obtains access to the account.
If you see something, say something
Ongoing, companywide cybersecurity training is also imperative in this effort and should be particularly focused on social engineering and phishing attacks. Further distribution of risk management within organizations, as well as increased engagement from your end-users and customers, will provide them with a better understanding of what is occurring at the security level. In addition, a company’s stakeholders should speak up if they see a potential IT security issue. Just like travelers at an airport or train station, “if they see something, they should say something.”
Cybersecurity fuels job satisfaction
Modern businesses cannot have effective data governance and security programs that consist of a single person or department. Rather, cybersecurity needs to be an all-hands company effort, with personal accountability required of all associates. Part of that discussion should also include how effective IT security can make people’s jobs more productive. By managing cybersecurity as a mission-critical initiative, employees can focus on more strategic activities versus devoting time to picayune security updates. Not only are users able to be more efficient and productive, but they can also have an increased sense of job satisfaction in an environment with enhanced security protection. This can ultimately lead to increased employee morale, retention, and recruiting.
Your employees’ PII and PHI are at stake
It’s also important to note the continued increase in data privacy requirements at the U.S. state level, and globally. By 2023, 65% of the world’s population is expected to be under data privacy regulations. This is even more critical as organizations become more data-driven and seek to maximize employee productivity, requiring more work for the same number of people.
Unfortunately, many organizational stakeholders are unaware of how to properly protect their employees’ valuable data, so it’s up to the company to educate them on best practices. The good news is that there are proven solutions available for companies, such as ongoing privacy assessments and partnerships with outside organizations that help to facilitate compliance and give them visibility into structured and unstructured data – especially for companies that work in highly regulated industries like financial services and healthcare. With proper training and by limiting access to sensitive content, organizations can protect themselves from becoming victims of the next big data breach, which helps to cultivate employee trust.
In summary, companies should take a proactive approach to the current war for IT talent. This starts by making people part of the solution, rather than the cause of the problem. By viewing cybersecurity as a wise investment instead of an optional budget line-item, organizations can stay a step ahead of cyber-attackers and detect data misuse, or potential insider threats, before it’s too late. Employees can also become more productive, thereby increasing job satisfaction. Finally, as personal privacy is increasingly viewed as a human right, organizations need to keep it at top of mind.