12 Oct Cybersecurity is Everyone’s Business
In Week 2 of National Cyber Security Awareness Month (NCSAM) – an online safety awareness and education initiative co-founded and led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) – NCSA encouraged every workplace to create a culture of cybersecurity from the break room to the boardroom.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework helps make cybersecurity immediately relevant to businesses by starting with a simple question for business owners and operators: What do you have to protect?
- Identify: Conduct an inventory of your most valuable assets – those of greatest importance to your business and of most value to criminals – such as employee, customer and payment data.
- Protect: Assess what protective measures you need in place to defend the organization as much as possible against a cyber incident.
- Detect: Have systems set up that would alert you if an incident occurs, including the ability for employees to report problems.
- Respond: Make and practice an incident response plan to contain an attack and maintain business operations in the short term.
- Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.
Creating a culture of cybersecurity is critical for all organizations – large and small businesses, academic institutions, non-profits, and government agencies – and must be a shared responsibility among all employees. Yet, in MediaPro’s second annual State of Privacy and Security Awareness survey of employees and the general public, for the second consecutive year, the average respondent was rated a security “novice” after being quizzed about security and privacy best practices. Seventy percent of MediaPro’s survey respondents showed at least some lack of security and privacy awareness. The study had several other notable findings:
- 24 percent of employees surveyed took potentially risky actions when presented with scenarios related to organizational physical security, such as letting strangers in without identification.
- 20 percent of employees showed a lack of awareness related to safe social media posting, choosing risky actions such as posting on their personal social media accounts about a yet-to-be-released product of their employer.
- 19 percent of respondents chose to take risky actions related to working remotely, such as connecting their work computers to an unsecured public WiFi hotspot.
- 12 percent of respondents failed to recognize common signs of malware when presented with real-life examples, such as a sluggish computer or anti-virus software unexpectedly switching off.
This should make it clear that employees must be made aware of the risks, of what they must protect, and of the security measures that must be taken automatically and become second nature. The web is necessary for work, giving employees the fast research and answers they need. But it’s also a serious danger to any company’s assets, and we all must use it with care.
TailWinds can provide a tremendous amount of technology to protect business assets, but the humans must be trained, and reminded often, that their awareness of threats is just as important.
Please get in touch with us today. We can guide you in creating a culture of cybersecurity throughout your organization. (205) 332-1600 or firstname.lastname@example.org