Mark Roberts is CMO at TPx Communications, responsible for marketing worldwide, driving growth opportunities and building brand recognition.
Given recent headlines, many companies are looking at their security protocols in a new light. They are looking at the efficacy of their solutions and wondering what changes they need to make.
Small- to medium-sized businesses (SMBs) might look at the Colonial Pipeline cyberattack and think, “If it could happen to them, it could happen to anyone.” Indeed, everyone today is a potential target, and companies should recognize the threats they face and take steps to mitigate any potential risk.
The good news is that, as the CMO of a company that offers managed security solutions, I’ve found that more organizations are focused on the seriousness of the threat. The bad news is many may ultimately decide not to act until it is too late.
The Covid-19 pandemic has further complicated the security conversation by adding a new layer now that organizations must protect their teams while working from disparate locations.
It seems clear to me now that remote — or hybrid — work is here to stay for the long term. That will likely be a positive for organizations, as they can bring in the best possible talent regardless of geographic considerations.
But it underscores that security matters more than ever for SMBs. As I noted in my last piece, hackers and bad actors operated long before the Covid-19 pandemic, but the outbreak brought into sharper focus just how vulnerable many organizations are.
Here is how SMB leaders can keep security top of mind as their teams continue to work remotely.
Make It Part Of An Ongoing Conversation
It is easy to grow complacent when there isn’t a problem. But that’s precisely why teams shouldn’t let their guards down.
Too often, organizations shy away from conversations about tough topics like security. However, everyone has a role in keeping organizations safe, and managers and employees should be having regular dialogues about how best to build and maintain organizational security.
The simple fact is that it’s easier to address the topic when there isn’t a problem, so it should not be a taboo topic of discussion.
Reinforce with employees that if they “see something, they should say something.” Make sure they understand that they won’t be punished for reporting a potential concern or threat.
Make Sure The Policies Exist And Are Practiced
Let’s be honest: No one wants another memo about password security, but the fact remains that good digital hygiene is often one of the best defenses against cyber threats. Unfortunately, hackers often look for and target the proverbial “soft underbelly,” and passwords are ripe targets.
Just think about how often “password” ranks highly on the list of most hacked passwords.
A security plan may not be as successful if it doesn’t include the basics, such as password requirements, the deployment of VPNs and remote log-in protocols. Additionally, all the reinforcement in the world won’t matter if employees don’t follow policies.
Keeping security top of mind necessitates regular updates to security policies and regular communication about them. This isn’t the type of information that you should tack on the breakroom wall in the hopes that team members read up on the latest changes. Instead, you should proactively send it out to all teams.
Be Transparent And Help Employees Understand How Security Benefits Them
There is nothing positive about a security incident; it typically affects everyone within an organization. Therefore, leaders should reinforce the idea that their teams benefit from keeping the organization secure.
In my last piece, I talked about the importance of changing the thought process. In part, that requires leaders to understand that security doesn’t just fall under the purview of IT or another department — everyone needs to understand how security benefits them.
In my experience, the best way to ensure this is to be transparent about the threats facing the organization. The goal isn’t to scare team members but to show them there is a reason the topic is so essential to operations.
Reinforce With Regular Training
More than anything else, I believe it’s crucial to recognize that security isn’t a one-time affair; the threats facing companies today are continually evolving.
It’s not enough to make security a part of workforce development; you should reinforce it regularly. It shouldn’t feel like those pesky corporate training sessions that happen once a year — the ones that everyone promptly forgets and no one ever discusses until the next iteration comes along.
To make sure that’s not the case, organizations should find fun and exciting ways to deliver the safety message without minimizing its importance. They shouldn’t just do it via stodgy conference calls or all-office meetings.
Incentivize Good Behavior
Managers can ask their teams to take action all day long, but it may never be a priority without a specific incentive. However, too often, I’ve found that employees are hesitant to act and feel that they shouldn’t operate outside of the purview.
Bring employees into the conversation and empower them to act. To do so, you should show you are serious about security by incentivizing good behavior — just like you would recognize employees who go above and beyond.
I believe team members want to be recognized for their good deeds and positive actions. Turning an otherwise drab topic into something people can get excited about can drive others to act positively.
Today’s world is full of fires, and managers often feel like they are jumping from one crisis to the next. If there isn’t an active security crisis, it might be easy to push the topic to the back burner, but that is shortsighted.
No matter how much we may want to avoid the topic of security, it is one we should not avoid. The threats are real, and they are lurking regardless of whether we take them seriously, so the better part of valor is to pay attention to the threat.
Do you feel you are prepared in the event of a security breach?