Senior leaders are prime targets for hackers seeking to launch cyber-attacks and gain access to confidential data. They are also often reluctant to follow cyber security best practices if doing so unduly disrupts their day-to-day work. With more employees than ever working remotely, how do you mobilise them securely without impacting productivity?
It’s been a challenging couple of years for a great many organisations, as we have adapted to remote working and the potential cyber security risks that it brings. Many organisations are dealing with a particularly unfortunate combination: senior leaders, a popular and potentially lucrative target for hackers, also happen to be some of the most reluctant professionals when it comes to adopting new technologies – especially when adoption comes at the cost of disrupting their day-to-day work.
We’ve already seen some high-profile organisations suffer data breaches since hybrid working became the norm: major law firm Campbell Conroy & O’Neil, for example, published a disclosure on its website in July 2021. It’s the kind of thing that keeps IT Managers up at night: trying to get buy-in from senior leaders who don’t read instructions, don’t acknowledge Service Desk emails, don’t read training material, and – in one case we heard – try to set up multi-factor authentication on a desk phone.
It’s essential that your organisation protects itself and its clients, though, especially as your people – including senior leaders – continue to work and access confidential information remotely. Is there a way to mobilise your people securely without impacting productivity? At Six Degrees, we believe there is. In this blog post we’ll show you how.
How to Get Cyber Security Buy-In
When it comes to implementing cyber security best practices that will actually be followed, it’s all about getting buy-in. Here are some tips for getting the buy-in you need:
- Get senior leaders on board. In order to enact strong cyber security practices, you will need to effect cultural change. This starts from the top, which is why it’s important to get senior leaders on board from the start.
- Focus on reputational and cost damage. Cyber security may be an esoteric concept for some decision makers. Reputational and cost damage are not. Focus on these when you explain the importance of cyber security in the context of a data breach.
- Provide one-to-one training. Senior leaders may need hand-holding when you set up measures like multi-factor authentication. Where possible, provide one-to-one training to ensure the message gets through.
- Make it simple and intuitive. Nobody likes unnecessarily complex systems and processes. Make your cyber security measures as simple, intuitive and low-impact as possible to ensure people don’t get frustrated and start to push back.
- Ensure it works from day one. This is a non-negotiable. If you’ve got your senior leadership on board, secured investment, and started roll-out, it’s absolutely essential that your cyber security measures work perfectly from day one.
- Carry out security awareness training. Security awareness training and testing are essential at any organisation. Leaders often want to know who has failed a phishing test, and this can create a sense of healthy competition if managed properly.
- Leverage your Information Security Team. Your Information Security Team spends a lot of its time carrying out internal investigations. Cyber security software and its tracking and auditing capabilities can help with this. Get them onside and supporting you in your discussions.
Once you’ve got the buy-in you need, it’s time to put in place the secure mobility measures your organisation needs. We’ll explain what these look like in the following section.
Mobilise Your People Securely
The keys to secure mobility are identity, data and devices. The combination of these three elements will enable you to mobilise your people securely without impacting productivity. Let’s take a look at each:
- Identity is the new perimeter. You should establish multi-factor authentication across all accounts, and use a central identity directory to ensure consistency across different applications. This enables you to leverage single sign-on by linking identities with individuals, making access a great deal more straightforward for your people.
- Data classification and labelling are essential to identifying how to control different types of data. Data loss prevention is much easier when data classification is on-point, and privileged information access allows you to control and audit data access by setting the appropriate permissions. Microsoft’s in-built tooling makes things like electronic discovery much easier, enabling you to avoid disparate solutions that come with a cost and management overhead.
- As part of your authentication parameters, you should make sure your devices are protected against threats, manageable irrespective of their physical location, and integrated into control policies.
Agility Made Simple: Cyber Security for Your Organisation
Senior leaders are prime targets for hackers seeking to launch cyber-attacks and gain access to confidential data. They are also often reluctant to follow cyber security best practices if doing so unduly disrupts their day-to-day work. With more people than ever working remotely, it is essential to mobilise them securely without impacting productivity.
By achieving cyber security buy-in and combining identity, data and devices to deliver secure mobility, you can achieve just this. Speak to one of our experts about how you can apply these principles at your organisation.