Cybersecurity: It Isn’t Just an IT Issue
The division of labor has been a core principle of economic theory for more than two centuries. Organizations can increase productivity and efficiency by dividing complex jobs into smaller, more specialized tasks. A downside of this model is that it can encourage a “not-my-job” mindset. Individuals often decline to take responsibility for tasks or duties that aren’t explicitly outlined in their job descriptions.
Research suggests such attitudes are exposing organizations to excessive cyber risk. In one recent survey of government employees, for example, 34 percent said they do not believe they have any responsibility to keep their organization safe from cyber threats. Shockingly, 21 percent said they don’t care if their organization gets hacked.
In too many organizations, there is a pervasive feeling that cybersecurity is exclusively an IT issue. People from the mailroom to the boardroom assume that security is beyond their control or capabilities, and that IT professionals and the tools they use will provide sufficient protection. That must change. In an increasingly interconnected and digital world, it is imperative that cybersecurity be treated as a collective responsibility that spans all users and departments.
That’s easier said than done, however. Creating an organization-wide security culture requires cooperation and commitment among technical staff, line-of-business employees and company leadership. That can be a tough sell to the “not-my-job” crowd. One solution: update their job descriptions.
The National Institute of Standards and Technology (NIST) officially recommends that all companies “incorporate security and privacy roles and responsibilities into organizational position descriptions.” To assist with the development of such descriptions, the National Initiative for Cybersecurity Education (NICE) Working Group has created a list of cybersecurity responsibilities that could be included within several different job categories. Here are a few of their suggestions:
Executive Leadership
- Establish reporting processes for cyber threats.
- Engage with cybersecurity experts and consultants to learn more about cyber risks and leading solutions.
- Commission regular risk assessments.
- Direct the implementation of a cybersecurity best-practice framework.
- Promote the development of cross-functional security teams.
- Adequately fund cybersecurity resource requests.
Sales, Marketing and Communications
- Communicate with your team about the importance of cybersecurity matters.
- Familiarize yourself with the organization’s cyber incident response plan.
- Participate in incident response planning, including tabletop exercises and other training activities.
- Protect customer information and intellectual property.
Facilities and Operations
- Secure facilities from compromise due to physical and cyber threats.
- Integrate cybersecurity with physical systems, including control systems.
- Ensure employee training includes information on the cyber risks associated with the physical environment.
- Perform regular assessments of the physical environment to identify vulnerabilities and weaknesses.
Finance and Administration
- Protect sensitive financial, legal, strategy and risk information.
- Develop a complete view of security-related spending across all functional areas.
- Develop business continuity plans for financial systems.
- Ensure contracts with suppliers and other third parties outline cybersecurity requirements and any relevant industry or government policies and regulations.
- Ensure compliance with financial laws, regulations, rules, standards and policies.
Human Resources
- Require that all employees complete cybersecurity awareness training and track participation.
- Perform background checks on new hires to minimize risk.
- Use encryption, authentication and other methods to secure sensitive information about employee recruiting, performance, compensation and benefits.
- Ensure that all user accounts and system access are removed promptly when employees are terminated.
Boost Your Security Posture
With cybercrime expected to cost the global economy nearly $10 trillion this year, organizations can’t count on the IT team alone to secure critical data and systems. Every member of the company has a role to play in boosting your security posture. Contact us to learn more about building a cybersecurity culture within your organization.