Skip to main content
opinion

Ching Mac is a director for Citrix Canada.

Technology has historically moved the dial on where, how and when work is done. In the past, smartphones brought on a new level of mobility and flexibility. Now, voice technology, artificial intelligence and blockchain are revolutionizing the modern workplace. But as digital innovation progresses, the cultural shift around digital security must evolve equally as fast.

Companies are responsible for securing information – whether it be customer names, addresses or credit card information. The importance of security cannot be understated. This is especially pertinent in the wake of large-scale breaches that have caused significant harm to brands’ reputations.

Interestingly, it’s not always hackers with malicious intent and more often than not, most breaches are preventable and occur from within. The question is, how can business leaders ensure their employees take security seriously?

While high-profile attacks caused by organized criminals make headlines, most breaches are caused by small infractions within an organization. For example, employees clicking harmful links or opening suspicious e-mails. Having a properly educated and equipped work force is a company’s best defence against cybercrime.

Yet, research shows that security is not a priority for many employees. According to a recent survey by Citrix Canada, 40 per cent of employed respondents feel zero responsibility to ensure corporate data is secure, and three-in-10 workers are not aware of the security protocols that their company has in place.

Cybersecurity requires not just a technical shift, but also a broader cultural shift to change how employers and employees view security. In this transition, employee education and engagement is critical, and the partnership between human resources, IT, business units and C-Suite executives cannot be overlooked.

Security needs to become part of company culture, with a strong IT department, robust security policies, comprehensive employee onboarding and continuing education practices. Awareness is of utmost importance and ensures employees are mindful of the risks associated with handling company information.

Employees should be aware of security policies and why they matter, from password hygiene and phishing alertness to the perils of a jailbroken smartphone. Developing and communicating these policies can be done in tandem with IT.

Further, for employees to buy in to a security strategy, it must be customized to the organization and not inconvenience day-to-day work practices. The same survey found that almost four-in-10 workers feel their employer’s security protocols make it difficult for them to work remotely.

When an employee is faced with a choice between security and convenience, they will likely choose the latter. These two ideas do not need to be at odds. HR and IT departments must work to develop policies and introduce technology that make security conducive to the work culture at hand. User experience is critical to the overall security practices at any organization.

HR also needs to partner with IT to develop the company language around employee responsibility. It is important to communicate that, while securing company data is the company’s responsibility, employees support the initiative by working safely and being accountable for certain aspects of their security, such as adhering to company policies, updating passwords and using work-sanctioned technology and software.

Maintaining an active and up-to-date dialogue on safe working practices is critical because these practices often change over time. When discussing security strategy, having HR, IT and other business units at the table ensures a better chance of spotting and addressing vulnerabilities. All department leaders or representatives should be consulted when it comes to security – not just HR, IT and C-Suite. Security culture trickles down from the leaders of each department.

A one-size-fits-all security approach does not exist. However, having leaders on the same page and constant communication with employees gives an organization the best chance of securing important data. A revamped security culture is needed. Organizations will be stronger – and safer – as a result.

Interact with The Globe