Employees confused about cybersecurity responsibilities
The federal government has ensured cybersecurity will be top of mind for a news cycle or two with the half a billion-dollar line item for cybersecurity in the recent federal budget, acknowledging the growing need for cyber protection as part of the “public commons.” The proposed investment raises awareness of this crucial issue.
While the government updated its cybersecurity strategy, businesses need to take an equally hard look at their own practices. Now is a good time to broaden the discussion beyond government roles and responsibilities for data security to include all Canadians — especially companies and employees.
A new survey of 1,505 Canadians on workplace security found employees are confused as to who is responsible in the workplace for protecting company information. The Citrix Cloud and Security Survey shows Canadians are split on who should safeguard the security of corporate data. Forty per cent of employees believe they bear zero responsibility for securing information, pointing to the need for a more comprehensive strategy that makes security everyone’s business.
The findings show that companies are increasingly vulnerable to breaches from unsafe practices. Six-in-10 employees have accessed personal or work data using public Wi-Fi networks, which may be unsecure, and half have been the victim of a phishing email or online virus.
Regardless how secure a company’s workplace technology is, there are risks if employees are not fully aware of security protocol (which is the case with nearly one-inthree employees).
As data breaches become increasingly commonplace, companies must develop proactive solutions from both individual and business perspectives.
Individuals can always benefit from security awareness, regardless of an employee’s level of digital literacy. The most tech-savvy may in fact be the biggest security risk, given they are likely to spend more time on their devices, have the capacity to work around company security protocols and are likely to access company data on their personal devices for convenience.
So, what can be done from an organizational perspective?
Three guiding principles can be applied to all workplace security practices.
First is fostering a strong corporate culture around security: updating policies and procedures, an overall risk strategy to account for mobile devices and remote access, and a process for managing the use and security of employee-owned devices.
Second is to equip employees with security training and education, highlighting the human factor to ensure security protocols are followed and avoiding threats such as phishing or malware.
Last is to implement secure technology that limits opportunities for breaches from the outset and allows for quick resolutions.
Risks can never be eliminated completely, but they can be mitigated to reduce the impact of threats and breaches. The needle on cybersecurity is moving in the right direction, the question is whether Canadian companies are ready to use the government investment as a launching pad and lead the charge.