[Column] Ryan Mer: Why building a culture of cyber awareness should start at the top
More companies now recognise the importance of protecting themselves and their customers by installing sophisticated malware detection systems and using the services of cyber security experts. Yet they may not be helping their employees, the internal stakeholders who are the custodians of much of their data, to safeguard themselves against attack.
Companies frequently organise wellness days for physical and mental health awareness, or team building and feel-good events, but few, if any, take steps to teach safe and healthy digital practices. Setting an example from the top of the company down is the best place to start instilling good ‘digital hygiene’ at every level of a company’s structure.
With the advent of remote working, and load shedding that has forced many people to seek connectivity in coffee shops, internet cafes and on other public networks, our cell phones, laptops, and tablets are even more exposed. The first step in leading from the top is being a pioneer of cyber security measures and consistently communicating these to staff through customised education and training.
It's equally important to appreciate that there’s a technical component to cyber awareness that can present a learning curve for some staff members. This makes having robust, automated systems that serve as an extra check and balance critical for businesses today, especially those in the SME sector, who will have a much harder time recovering from the financial consequences following a security breach or act of fraud.
Training in identifying suspect emails and dodgy attachments is also useful for staff, who may easily be convinced to proceed with actioning a payment request from the CFO or open a proof of payment document from an unknown vendor. Most of us know that revealing a PIN or One-Time PIN is a complete no-no. But it bears repeating that there isn’t a reputable company anywhere that will call and ask you to disclose this information, so helping employees to understand the consequences of gullibility can also go a long way in preventing a cyber disaster. Cyber threats are often thought of alongside images of a lone hacker in a hoodie, but because cyber criminals are financially motivated, they run their operations like a business and can be very persuasive when targeting victims.
Payment fraud is amongst the most common weaknesses in companies and occurs when invoice payments and salary runs are being processed. A platform like eftsure can mitigate the risks of such fraud, by automatically verifying and re-checking the integrity of the payment details of every company payment prior to payment release. Real-time prevention is the first line in a company’s defence against fraud and can avert loss of funds, lengthy system shutdowns, forensic investigations and other costly remediation measures after a security breach has been detected.
Most internal IT departments can teach your staff preventative measures to avoid cyberattacks, but whether you use in-house resources or outsource to experts in the cyber security field, it is important that your company first and foremost takes steps to protect itself. By demonstrating that you take everyone’s cyber safety seriously, both inside and outside the organisation, you will be showing responsible leadership and awareness of the risk that modern-day threats pose to the stability of your enterprise.