How Your Business Can Build A Strong Cybersecurity Culture (4 Tips For Owners)
by Elliot Mark
The average company used to be rooted firmly and straightforwardly in the physical world: a head office would gather the top brass, a storage space would shield assets, and some kind of customer-facing facility (usually a store or a branch) would generate the revenue. But the fundamental fabric of the average business has changed significantly during the digital era — and the COVID-19 outbreak ultimately solidified this shift.
Today, the typical business operates largely or exclusively online. It still has some real-world underpinnings, of course, but they’re relatively insignificant. In lieu of a head office, there’s the remote working station of the lead executive, something that can readily change when needed. This free-flowing online approach provides incredible flexibility, economy and scalability, but it isn’t without its problems. Cybersecurity is the prime example of such a problem.
Where corporate security used to come down to physical locks and occasional NDAs, it now concerns the immense complexity of online communications. To run a safe business, you need to do more than pay lip service to cybersecurity: you need to build a strong cybersecurity culture. Let’s go through four tips for doing just that.
Train employees on key concepts
The biggest step you need to take is making a commitment to cybersecurity training. There’s a solid chance that your employees are working remotely (for the most part), and that situation is unlikely to change much even if COVID-19 stops being a concern. A single weak link can render a whole chain vulnerable, so just one worker making a security mistake can cause issues with your entire network. Everyone needs to be heading in the same direction.
Don’t leave your workers to figure things out alone and possibly flounder. Do some research, and pass the fruits of that research to your employees. They should know about everything from password managers and phishing attacks to plugin incompatibilities and proxy servers (and those are only some things starting with “P” — there’s so much more to learn overall).
Choose software carefully
We just touched upon the use of proxy servers, and it’s now standard practice for companies to rely on VPNs (virtual private networks) to safeguard their connections and shield them from prying eyes. That said, VPNs are not all the same. There’s a big difference between the best VPN for security and the best VPN for torrenting (chiefly a way of downloading large files), yet many people assume that speed is the primary concern.
It certainly isn’t. Business VPNs aren’t about sheer pace: they’re about protection, ensuring that malicious actors can’t break through to access sensitive data. Similarly, you can look at website foundations: a CMS (content management system) underpins a website — you’ll surely have heard of WordPress, the world’s most popular platform — and heavily affects its security. Making smart decisions geared towards security is a vital move.
Invest in penetration testing
How will you know if your online operation is safe? Good cybersecurity culture doesn’t just commit to fundamental principles: it also takes action to ensure that said commitment is getting the desired results. And while you can assess your company’s security to some extent, it’s better to bring in an outside party to do it on your behalf.
Enter penetration testers, cybersecurity experts who dedicate themselves to probing digital systems for exploitable weaknesses. A full round of penetration testing from a reputable company will show you where your company is falling short and give you the direction you need to achieve comprehensive improvements.
Blog about relevant issues
Lastly, the cybersecurity culture you develop shouldn’t be limited to you and your employees. It should be something you spread to your customers: after all, it concerns them as well. This doesn’t mean you need to invite those customers to training sessions, of course. Instead, you should get into the habit of blogging about relevant issues.
When you upgrade your system to guard against a certain type of attack, let people know (without delving into specifics) that you’re working on security improvements. Explain how important it is to keep your customers’ data protected. Offer basic tips to help them protect themselves online: they should change their passwords semi-regularly, know how to recognize fraudulent emails, avoid logging into key accounts on public computers, etc. It all adds up.
Elliot Mark is a self-taught ecommerce entrepreneur at Ecommerce Platforms, with a particular passion for content and branding. When he’s not trawling for the latest ecommerce news and trends, you can find him cooking up something tasty, shooting pool, or deep in a good book. Share your book recommendations with him @EcomPlatformsio.