Cyber awareness and cyber security are shared responsibilities.
This is a recurring theme of the National Cyber Security Alliance, a nonprofit consortium that brings private funders and government and nonprofit collaborators together to raise awareness of cybersecurity issues.
One of NCSA’s most useful resources for nonprofits, small businesses, and startups is StaySafeOnline.org, which provides resources for keeping individuals and businesses safe online and teaching cyber awareness to others.
StaySafeOnline’s blog also provides practical guest posts. In one such recent blog post, Greg Kushto from Force 3 (a Maryland network security firm) emphasized the collective nature of cyber responsibility:
Your coworkers on the IT team are not the only ones who should feel responsible for cybersecurity in the workplace. All employees, whether in the office or at home, should feel accountable for the security of their networks and devices. […]
Kushto’s brief blog post emphasizes three points:
First, to avoid phishing attacks that could undermine a network, exercise healthy skepticism about incoming emails and links provided by unknown sources.
Second, get in the habit of keeping business and personal technology and usage separate.
Third, when you face challenges with something online, or if you have a question about introducing unknown or unfamiliar technology into your office environment, don’t try to do it yourself. Engage with IT professionals before taking the next step.
Kushto’s points are valid. Equally important, StaySafeOnline provides organizations of all sizes with tools to help organizations create a culture of awareness. Remember, smaller organizations are especially at risk. Most don’t have formal internet security policies or social media policies, and small companies often have significant gaps in training and policy enforcement.