The 3 Most Important Aspects of Company Cybersecurity


When it comes to cybersecurity in business, you need to consider your employees, tech, and processes.

Cybersecurity experts say employees are the weakest link when it comes to company security. By itself, that statement is a bit misleading—it lays too much blame solely on employees. In fact, when it comes to a thorough cybersecurity risk assessment, there are three main factors that need to work effectively in conjunction to lower the risk of hacks and data breaches: people, processes, and technology. 

Before we touch on each of these topics, let’s look at what’s at stake.

The shocking stats of cybersecurity incidents 

By taking into account the size of your company, the likelihood of cybersecurity incidents like ransomware attacks, and your company’s investment in security tech, you can identify which aspect of your business needs more attention. Below we provide a risk assessment checklist and the common snares companies encounter when it comes to people, processes, and technology. 

Our cybersecurity risk assessment checklists 

There are three main factors that allow you to foresee how a cyberattack may impact your business:

Company factors  

Calculate impact from employees losing access to IT resources during an incident, using data such as: 

  1. Number of employees  
  2. How many countries you’re doing business in 
  3. Annual company turnover 
  4. Number of high-impact employees and salary for each 
  5. Number of medium-impact employees and salary for each 
  6. Number of low-impact employees and salary for each 
  7. Number of workdays lost per incident 

Threats 

Estimate impact from each threat (e.g., ransomware) based on: 

  1. Probability of occurrence 
  2. Turnover days lost 
  3. Productivity days lost 
  4. Chance of losing market positioning 
  5. Workdays lost for each of the three categories of impacted users 
  6. Impact on brand reputation 

Tools 

Calculate cost of each cybersecurity solution that can help prevent each of the threats, based on: 

  1. Yearly cost of the security technology 
  2. Cost of implementation (internal costs and costs of outside experts) 
  3. Cost of maintenance and management  
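One way to turn the three checklists above into numbers, as an added example that is not Dashlane's own calculator. The formulas, the 230-workday year, the `risk_reduction` parameter and all sample figures are assumptions made for illustration.

```python
from dataclasses import dataclass

WORKDAYS_PER_YEAR = 230  # assumption: converts annual salary/turnover to a daily figure

@dataclass
class Tier:                 # one of the high/medium/low-impact employee groups
    headcount: int
    annual_salary: float
    workdays_lost: float    # per incident, for this group

@dataclass
class Threat:
    probability: float          # assumed chance of an incident in a year (0..1)
    turnover_days_lost: float
    tiers: list

@dataclass
class Tool:
    yearly_cost: float
    implementation_cost: float  # internal plus outside experts
    maintenance_cost: float
    risk_reduction: float       # assumption: share of expected loss the tool removes

def incident_cost(threat, annual_turnover):
    """Lost productivity plus lost turnover for one incident (tangible costs only)."""
    productivity = sum(t.headcount * t.annual_salary / WORKDAYS_PER_YEAR * t.workdays_lost
                       for t in threat.tiers)
    turnover = annual_turnover / WORKDAYS_PER_YEAR * threat.turnover_days_lost
    return productivity + turnover

def expected_annual_loss(threat, annual_turnover):
    return threat.probability * incident_cost(threat, annual_turnover)

def first_year_net_benefit(threat, tool, annual_turnover):
    """Loss avoided minus everything the tool costs in its first year."""
    avoided = expected_annual_loss(threat, annual_turnover) * tool.risk_reduction
    spend = tool.yearly_cost + tool.implementation_cost + tool.maintenance_cost
    return avoided - spend

# Constructed sample figures, not data from the article.
ANNUAL_TURNOVER = 4_600_000
RANSOMWARE = Threat(probability=0.25, turnover_days_lost=3, tiers=[
    Tier(headcount=5, annual_salary=115_000, workdays_lost=4),   # high impact
    Tier(headcount=20, annual_salary=69_000, workdays_lost=3),   # medium impact
    Tier(headcount=50, annual_salary=46_000, workdays_lost=1),   # low impact
])
TOOL = Tool(yearly_cost=6_000, implementation_cost=3_000, maintenance_cost=1_000,
            risk_reduction=0.75)
```

Brand reputation and loss of market positioning from the threat checklist are left out here because they need a judgement-based estimate rather than payroll or turnover figures.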

Understanding the cybersecurity risks  

Now that you have a better idea of your business’s risk factors, let’s delve deeper into how people, processes, and tech contribute to the overall cybersecurity of your company. 

People  

Inattentive habits and behaviors, poor security culture, and human error are all factors that contribute to what security practitioners like to describe as the “weakest link” in any organization. Whether employees are careless or the target of phishing campaigns, they create weaknesses that cybercriminals are quick to exploit. For the most part, these are preventable risks that you can mitigate with a combination of security tools and practices. 

A strong security culture is fundamental. Employees and leaders both play a big role in protecting your business. By creating and promoting a security-oriented culture, you’re empowering employees to actively participate in the security conversation, safeguard sensitive data, and adopt good habits. 

As Naya Moss, infosec pro and founder of Frauvis, puts it, “I always shock people when I tell them the best tool you can have is a human-first mindset: treating your employees with respect and providing them with the right knowledge and software. […] It is important to view employees as internal customers.”

Processes  

Threat actors take advantage of organizations’ poor password management, nonexistent or disparate security policies, and other lax processes. These processes might increase your company’s risk of a hack or data breach:

  • Unsecure password management practices, such as sharing passwords via email or storing them in spreadsheets 
  • Irregular or inconsistent patching and updates for software and devices 
  • Weak data privacy and access policies, such as lack of two-factor authentication or least privilege controls 

Similar to people-driven risk factors, you can help prevent risks stemming from weak processes by adopting the right tools and better practices. The right tools are especially essential because you want to ensure your processes don’t hinder your employees’ productivity. For example, encouraging employees to use a password manager might mitigate the risks of a hack or data breach, so long as you make it simple for them to adopt this new tool.

Technology  

Employees are not fond of remembering passwords. Yet only 15% use a password manager. Instead:  

  • 36% write passwords down on paper
  • 23% store passwords in their browser
  • 16% other unsecure ways (e.g. notes app)

Many organizations put a lot of stock in their security technologies, adding more solutions as new threats arise. Too often, technology either takes a piecemeal approach to the problem, is too complex to manage by small IT teams, or creates so many hurdles for employees that they find ways to circumvent the safeguards. 

For security technology to be effective, it needs to align well with the other two components—people and processes. It should be simple enough for both employees and admins to fully embrace, yet efficiently support robust processes.


    Dashlane

    Dashlane is a web and mobile app that simplifies password management for people and businesses. We empower organizations to protect company and employee data, while helping everyone easily log in to the accounts they need—anytime, anywhere.
