You can’t get far in protecting your data and tech resources without having a thorough plan in place. Encrypting your data, responding to breaches, monitoring and reporting — none of it gets done efficiently without a coordinated strategy and cybersecurity policies that put the pieces together and guide employees forward.
However, while it’s true you can’t over-prepare for cybersecurity, also understand that any ol’ expansion of the cybersecurity plan isn’t necessarily a good thing. In fact, certain approaches to cybersecurity planning can work against your overall goals, making it harder, not easier, for your employees to support best practices.
Writing for Forbes, William H. Saito runs down some criteria for gauging whether your plan is contributing to solid cybersecurity or tripping up your employees and setting you back. Some of his key recommendations include:
- Refrain from introducing paranoia to the work culture and disconnecting from the internet. Employees working in this context will introduce workarounds, almost inevitably leading to compromised data.
- Don’t ban outside network access. The tradeoff in productivity is not worth it, and there are secure alternatives.
- Don’t shame and make examples of breach victims. Unless, of course, you want employees to fear notifying you of data breaches. Encourage communication.
- Include tests of employee awareness in audits. This will give you an idea of how well your staff is putting best practices to work. Again, it’s important not to call out and shame those who have not taken the preferred actions.
- Automate security configuration, minimizing the inconvenience to users.
- Focus on usability. Always keep in mind that a plan covering everything is still no good if nobody can use it.
Whether you are in the private or public sector, this guidance should apply to your cybersecurity planning. This also should not be contingent on which compliance standards and regulatory agencies guide your security controls. Hitting all of the marks on your compliance checklist may seem like a cause for celebration, but the hangover will set in quickly if you haven’t taken the time to make your plan user-centered.
Lunarline offers a range of consulting services that can help you develop a user-first plan that gets real results.
For information on how we can help you, contact us online today.