Cybersecurity discussions tend to focus on software and hardware technologies to detect and isolate threats. But there’s a growing awareness that people can be the most effective cyber-attack deterrent—if they’re informed about the importance of their actions.
At Rockwell Automation’s Automation Fair 2023, a panel discussion focused on this issue and explained how companies can build a human firewall to protect their operations.
Drew Rose, chief security officer and co-founder of Living Security (a provider of training to address cyberthreats), noted that workers don’t need to know everything about cybersecurity to be effective. “But they do need to know when to ask for help or raise a red flag,” he said.
To teach workers how to do this, Rose said you need to tailor your cybersecurity communications to who the workers are. For example, if you’re speaking to employees who work with automated machines, you should explain what an attack on your business means to the machines they work with.
Internally, Rockwell Automation stresses that cybersecurity is everyone’s business. “Our motto is ‘cybersecurity starts with you,’” said Paula West, IT marketing and engagement manager at Rockwell Automation. “We also show how the things we teach them about cybersecurity can protect them and their families—not just their workplace.”
The language you use is also important, added Alex Panaretos, director of professional services at Proofpoint (a cybersecurity platform provider). “There’s a difference between asking someone to ‘report’ something and asking them to ‘notify’ you,” she said. “When you ask people to report something, interaction tends to be low. But if you ask for a notification so that someone else can handle it, we’ve seen engagement increase by 60%.”
Keep training up to date
The cyber threat landscape is constantly changing. While the core tenets of good cyber practices will continue to protect a company’s systems, workers need regular updates to keep abreast of the latest tactics.
West said Rockwell uses real-world examples to keep employees up to date. “Talk about what’s actually happened at your company,” she said, including attacks that were avoided or suspicious activities that have been detected. It’s also key to understand the day-to-day realities of different workers’ roles and the threats they may face in their work to help tailor your communications with them.
“We’ve had success with enterprise messaging,” said Rose. “Updating teams with this method via short, regular updates can be effective. Move away from those 60-minute training classes every year to a 30-second video every week or two.”
Rose added that it can help to talk about how the cyber-attacks they hear about in the news could impact your organization. “Your message has got to be more than: Ransomware is bad,” he said.
“Build relationships between employees and your cyber help desk,” advised Panaretos. “For decades, cybersecurity has been about technology and processes without recognizing there’s a person involved in everything. To build those relationships, it’s important for organizations to realize they have neurodiversity and cultural differences in their workforce.
“Try to understand why people are doing something,” she said. A loss of focus can be caused by caregiver stress experienced by the worker or other at-home issues. Having this level of interaction “creates a human connection,” she said. “People need to know they can make a mistake and recover from it. You need open dialogues. A silent organization is a dangerous one.”