Cyber security in the workplace is everyone’s business

Create a culture of cybersecurity in your office by being aware of common scams that target businesses. Develop strong IT policies that help limit the danger to your network and access to critical information about customers.

Policy – It’s hard to know when you’re violating the company’s computer use policy if your company doesn’t even have one. Unfortunately, without having a widely shared computer policy in place, not only is your company in danger of a cybersecurity breach, but employees are in danger of breaking an “unspoken rule” that could have consequences for their jobs. Your company’s computer use policy needs to address the acceptable and unacceptable uses and outline the reporting of incidents and issues.

Reporting and consequences – A lot of cybersecurity issues start out small, but they can quickly escalate until your entire network is affected. Unfortunately, if the computer policy doesn’t allow for honest reporting without dire consequences, it can be tempting to keep quiet if something goes wrong. Workplace policies should factor in the ability to report a problem so that it can be cleared up quickly.

Update – You’ve probably seen pop up notices to update your antivirus software or your browser. It’s important to make updating your tech and software a part of the computer policy. You also should make sure that updating the policy itself is a regular habit. New threats and attacks crop up every day, so without an up-to-date policy manual and training on the latest forms of cybersecurity dangers, your company is only as safe as the old version of the manual.

Talk about it often – A cybersecurity presentation is not a set-it-and-forget-it solution. Your team members may change, new dangers may crop up, new technology may be bought for your company. A once-a-year talk at an employee meeting is not sufficient to keep your company’s employees aware of the danger and thinking of security. Make sure that sharing news of the latest threat—and how your company is supposed to respond to it—is an ongoing conversation.

It all starts at the top – When a mandate for a computer policy or a cybersecurity meeting comes down from higher ups, it’s easy to forget that the people at the top are just as likely to cause a cybersecurity breach as those at the bottom. There’s no reason to assume the managers or executives can’t be guilty of clicking on a link in an unknown email, or accidentally handing over access to a database of sensitive information. When the company talks about cybersecurity, it’s important that everyone—from the CEO to the janitor—understands the dangers and knows how the company’s technology is supposed to be used.


Additional resources

Cyber Resilience self-assessment
Department of Homeland Security – Stop. Think. Connect.
Small business protection resources from the Federal Trade Commission