Guiding leaders to greatness

TrustBrandCorporate governanceData privacyRisk managementSecurity

Cybersecurity is Everyone’s Job

In a hyperconnected world, cybersecurity is a vital part of protecting both corporate reputation and the safety of employees. While IT departments might be responsible for putting systems in place, it takes every employee from the C-suite down to ensure those systems remain intact.

16 August 2022 • 4 min read

Martin Woortman/ Unsplash

When asked what assets a business holds, most would think of buildings, land and cash. But there’s a less tangible yet nonetheless highly valuable asset that many forget: reputation. Difficult to acquire and easy to lose, brand reputation is vital in allowing a business to succeed, irrespective of how good its services or how efficient its infrastructure.

The bedrock of brand reputation is trust – without it, reputation cannot exist. And one of the key ways to build this trust into a business today is by developing a multi-faceted cybersecurity strategy – one that takes the full gamut of threats into consideration.

Many companies still fail to take cybersecurity seriously until there has been an incident – at which point it is already too late.

As far back as 2017, digital security company Gemalto (since acquired by Thales), identified in a survey that 70% of consumers would stop doing business with a company if it experienced a data breach. In addition, PwC’s 25th Annual Global CEO Survey found that CEOs rank cyber risks as the top threat to growth. Yet many companies still fail to take cybersecurity seriously until there has been an incident – at which point it is already too late.

There are also financial considerations: companies that fall prey to cyber attacks can lose money to ransom payments, unapproved money transfers, a negative impact on their share price, the cost of investigating the attack, and in repairing the damage. In addition, there may be legal costs for not taking proper care of customer data. Your cybersecurity defenses, therefore, need to be as stringent and comprehensive as possible.

Getting employees on board

First, be aware that the way employees use company networks and systems can unwittingly pose an enormous risk to your cybersecurity. Here, passwords are a major problem – if they decide to use the same password to access their personal and corporate social media accounts, for instance, that could expose you to risk – if you have a data leak, cybercriminals could access your corporate emails and compromise you.

It’s important, therefore, to educate employees on the importance of strong passwords, and have a clear password policy in place. Passwords also need to be renewed regularly so that if they are compromised, the window of opportunity for any breach is very limited.

Overlaying this should be two-factor authentication; that way, if one level of authentication is compromised, the next one will block any unwanted access.

Beyond passwords

But while good password control is vital, there are many other risks to consider – and more are emerging every day. This requires that your in-house cybersecurity team conducts continuous monitoring to keep the system as updated and secure as possible as new threats appear – and anticipate any leaks or weaknesses that cybercriminals might exploit.

Attackers might set up fake websites or emails in your company’s name, which might well be indistinguishable from the real thing to the ordinary person.

Phishing and impersonation attacks, for instance, can cause a great deal of damage, where illegal access is gained to bank accounts, or an attacker poses as a trusted person (or company) to steal money or sensitive data from a company. Attackers might set up fake websites or emails in your company’s name to achieve this, which might well be indistinguishable from the real thing to the ordinary person.

Hacktivism, too, poses a serious risk: hacktivists gain unauthorized access to company or government files or networks to further their own social or political goals, and can cause enormous reputational damage if those views are seen as being aligned with your organization.

And then there is the use of ransomware, where a company’s data is stolen, and a payment is required. Ransomware attacks in 2021 cost companies in a variety of industries millions of dollars, and the damages aside from the ransoms averaged $4.62 million, with mega-breaches costing as much as 100 times more.

Prevention is better than cure

Of course, there are no guarantees when securing your company’s networks and data, but there are a few vital pillars to ensure they are as secure as they can be. Having the right measures in place can give your organization a fighting chance when attackers attempt to breach your defenses.

First, ongoing education of employees is vital. They must understand how phishing works, how their passwords help to keep the organization safe, and how to identify suspicious emails, links and websites. Most of all, they must learn to be vigilant at all times, and additional training must be given as and when new threats arise.

Constantly test the system – and ensure defenses are in place for data going in and out of the company, as there are risks in both directions.

Second, it is important for your cybersecurity team to constantly test the system, and ensure defenses are in place for data going in and out of the company, as there are risks in both directions. 

And third, it’s imperative to understand that this is not a one-off intervention: cybersecurity must be monitored and updated around the clock, on a continuous basis, and that requires a specialized team, and support for the necessary interventions from the company’s executive management. Without that top-down support, it is very difficult to get the rest of the organization on board.

Getting everyone on board is a key strategy, because good cybersecurity is a team effort – not just from those working in the security department, but from every person in the company. It’s a new way of working for many and will take some adjustment. But if everyone works together, it is possible to build a system with strong resilience against potential attacks, and most importantly, a system that does its essential part to keep the company’s reputation intact.

BrandCorporate governanceData privacyRisk managementSecurityTrust

Discover more in

Trust