Everyone in your organization is a potential attack vector. Phishing and its variants (like spear phishing) are a very popular and productive way for attackers to gain entrance. Once they are inside, there’s almost no limit to the amount of damage they can do. Research puts the global cost of cybercrime at $600 billion last year.
In the age of collaborative work, we are supposed to be breaking through the silos in our organizations and discovering new ways of working together. Too often, this is not happening with respect to information security, data security, and cybersecurity. The very people who have the closest relationship to users and customers are effectively being told, “It’s not your job.” Cybersecurity is being treated as a black box; it’s a new silo.
Cyberattacks can mean:
- PII (personally identifiable information) is stolen
- Data is held for ransom
- Intellectual property is compromised
- Laws and regulations are violated
- Your organization is embarrassed
- Your organization is fined or otherwise punished
The consequences due to any or all of these can be catastrophic. Sales can be lost. Production time can be lost. Your organization’s reputation can be ruined, with a plummeting stock price and/or deserting customers.
So, shouldn’t everyone in the organization be involved in preventing cyberattacks?
HDI’s data says that only about one-quarter of organizations offer support staff training in policies and securityright up to the director level.
To be realistic, no one expects the support staff to become cybersecurity experts, unless they are headed in that direction as a career move. That doesn’t mean that they should not be trained in the field, and it doesn’t mean that they should not be in close contact with the organization’s cybersecurity office on a regular basis.
Support staff should know:
- Their role in cybersecurity, especially the response plan
- How to identify phishing emailsome of which has become extremely sophisticated
- How to spot the symptoms of malware
- What to do if a cyberattack is suspected
- What not to do when a cyberattack is suspected
- How to respond to customers or users who have questions about cybersecurity
- How to get more information
- What information they need to include when escalating a case for investigation by the organization’s security staff
- How to communicate with users after a cyberattack
Does your support organization know its place in the security response plan? Do you have a RACI matrix, telling who is responsible, who is accountable, who is to be consulted, and who is to be informed when a security incident occurs? Have you practiced your plan to make sure you can execute it when you are called upon to do so?
If (or more likely when) a security incident occurs, the support center can become a hive of activity, and there needs to be planning to prevent people from tripping over each other – literally or figuratively – and duplicating work while valuable time slips away.
Don’t let cybersecurity become a black box in your organization. Get involved, ask questions, and formulate a workable plan for your response team.
