Three Steps to Making Cybersecurity a Company-Wide Priority

Kelly Potter, CIC, PWCA
  1. Leadership Buy-in:  The management team at your company must recognize the importance of cybersecurity.  Risk assessments and standard operating procedures need to be implemented and discussed at regular leadership meetings.  Cybersecurity is no longer just an IT issue; it needs to be a “boardroom” issue.
  2. Create a Culture of Cybersecurity:  Promote awareness and make cybersecurity a regular part of company conversation.  Training your staff once a year will no longer cut it. There should be regular discussions on new and emerging cyber risks and reminders on cyber security best practices.
  3. Training:  Staff training is a necessity.  It only takes one “weak-link” employee to potentially open your business up to substantial risk.  Your cyber liability insurance company, insurance broker or IT professional should be able to assist you in finding the right training to address your cyber risk exposures.  Ransomware, phishing, password management, access controls and mobile device management should all be addressed.