This fall, the White House outlined a National Cybersecurity Strategy, calling upon seven industries to assist in the fight against cybercrime. Nearly every industry is named because cybersecurity is no longer just a computer programmer’s problem; it’s everyone’s business. Now the National Institute of Standards and Technology (NIST) has released a workplace guide, “Cybersecurity is Everyone’s Job,” with detailed advice for employees at all levels.
Whether you’re part of your organization’s information technology team, the chief executive, a human resources manager, or the newest hire, your day-to-day activities (on and offline) can provide fertile ground for corporate spies, cyberthieves, and enemy states to eavesdrop, steal, or plant false information. Today’s workplace leaders must be attuned to how their actions make an organization risk-prone or, worse, liable for damages.
Our "Cybersecurity is Everyone's Business" guide will help you understand how cybersecurity applies to your role and what you can do now to be proactive.
If you are a C-suite executive at your organization, do your employees have a process for reporting cyber vulnerabilities? Do you perform risk assessments and decision-making drills? Are your security policies institutionalized, communicated and in alignment with data protection/privacy regulations and laws?
The Georgia Tech Online Master of Science in Cybersecurity combines the technical intricacies of data protection with a grounding in public policy – the norms, agreements, treaties, and laws that affect information management today.
"Understanding cybersecurity from the standpoint of public policy and organizational management is so important that our core course Information Security & Strategies is required for all online cyber students at Georgia Tech, including those in the computer science track." -Milton Mueller, professor of public policy and creator of the Policy Track within the degree
Managers of facilities, manufacturing floors, and HVAC systems, for example, need to be aware there are vulnerabilities within legacy systems that were never created to be online but which now interact with online components. It’s your role to advise up the management chain and understand how new devices or vendors increase cyber risk.
"Building and process automation systems often are overlooked for cyber risk, but can in fact be among the most vulnerable parts of an organization." -Raheem Beyah, executive director of the Online Master of Science in Cybersecurity and co-founder of Fortiphyd Logic, Inc., an ICS cybersecurity company
Human Resources professionals are encouraged to make cybersecurity part of all training programs; embed cybersecurity practices and training into performance goals; protect HR assets with the strongest, multi-factor security methods; share only necessary information; and securely destroy what no longer needs to be kept.
If you’re in Finance, you need to understand the financial consequences of business disruption, loss of shareholder trust, and expected time to recovery. According to NIST, financial executives should collaborate with leadership and the board on a strategy for emergency cybersecurity spending and on how to fund effective, ongoing cyber protection.
If you’re not part of leadership or management, there are things you can do as well, such as practicing good habits like using a virtual private network (VPN) when using work computers offsite. You can also keep your business and personal online activities separate by not sharing business information via personal accounts and not sharing personal information via business accounts. Be wise about what you post on social media, and consider the trade-offs between attracting more followers and opening yourself up to examination. The more you share online, the easier it is to guess which personal data might be part of your passwords.
"The frequency and impact of cybersecurity breaches can be reduced significantly by encouraging all employees to include cybersecurity considerations in their expertise areas. Whether one’s role is lawyer, IT professional, compliance officer, software engineer, or mid-level management, the Georgia Tech Cybersecurity Certificate provides a deeper understanding of cyber risk and provides the flexibility to explore a wide array of potential mitigations." -Barbara Fox, research scientist and professional education instructor, Information & Cyber Sciences Directorate
Hackers aren’t just kids pulling pranks from a basement – they are sophisticated actors sponsored by nation-states for purposes of espionage and psychological warfare. Everyone must be part of our national defense. Regardless of your role, Georgia Tech Professional Education offers an array of courses, certificates, and an online degree so you can build specific skills to fight back.