Cybersecurity is increasingly top of mind for small and medium-sized organizations. A recent Dashlane report confirmed that hybrid work is now commonplace, changing the way both people and organizations view cybersecurity. Consequently, organizations need to step up their efforts to improve their defenses.
Through our survey, we learned that 83% of participants noticed an increased awareness at their organizations, but only about a third of organizations took action as a result—indicating that many businesses are still early in their cybersecurity journey. As you look for ways to boost cybersecurity, keep in mind that driving behavioral change is key to a successful strategy, and behavioral change requires a combination of people, processes, and technologies.
Here are five recommended steps to help you implement security best practices:
1. Boost security culture with awareness and tools
Build a strong security culture by encouraging active employee participation. It’s not enough for them to understand how their actions affect your organization’s security. Awareness is only the first step—ensure they have the right tools to help them change behaviors such as reusing or creating weak passwords.
2. Put people above policies
Prioritizing security policies rather than people invites workarounds and creates security gaps. If you implement policies or security tools that get in the way of productivity, employees will find a way around them. They want to get their work done fast, without unnecessary frustration. Human-centric security balances business needs with security rather than meeting one objective at the expense of the other.
3. Embed security practices and awareness into all your processes
Security awareness and training are not annual or even quarterly events. Work toward a security-first mindset by integrating best practices and training into everything your business does. Make security awareness and training an ongoing effort. Start building a strong security foundation from the moment you onboard new hires and find ways to consistently keep security a part of the conversation.
4. Start by boosting defenses in the riskiest areas
Boosting cybersecurity is a multi-faceted process, and all those layers can get overwhelming quickly, even for bigger organizations. Start by understanding your highest risks. For example, what areas create the biggest vulnerabilities for your people and processes due to the hybrid environment? What kind of tactics and attack vectors are malicious actors more likely to use against your organization? Work on the most urgent areas first and then continue to evaluate your priorities and add more security layers.
5. Measure progress—and iterate
To boost your security posture over time, make sure you understand how well your initiatives are working. Determine your key performance indicators and the metrics you can use to measure progress. Monitor the results, share them with your employees, and consistently identify new areas for improvement. For example, if your password manager adoption rate is low, consider looking for a password manager that is easier to use and seamlessly integrates with your identity provider (IdP) and single sign-on (SSO) solution.
According to our survey, using a password manager is the top change organizations made as a result of remote work. Additionally, both surveyed workers and IT leaders believe that a password manager lowers their organization’s risk of being hacked or breached. When evaluating password management solutions, consider the following criteria:
A password manager that’s simple for employees and admins to use will greatly improve adoption rates. You can’t afford to invest in a tool that’s not being used consistently. Low adoption also means you’re still exposed.
Features such as autofill and syncing across devices aren’t simply convenient—they make your employees more productive and reduce frustration with digital tools. To encourage adoption, ensure you educate employees about these features.
Password managers are designed to help employees securely create, store, and manage passwords—but you should demand a lot more from your password management solution. Features such as password sharing and simplified onboarding and offboarding further boost your security posture by eliminating high-risk practices such as emailing passwords or leaving accounts active long after employees leave the organization.
As your business grows, your password manager should grow with it. Many organizations adopt SSO as their processes mature, and ensuring that your password management solution integrates with SSO will reduce rollout issues later.
Employees need to act quickly when their credentials are compromised. A password management solution that integrates with dark web monitoring will send your employees alerts when their logins appear on the criminal underground and immediately prompt them to change their affected passwords.
To measure progress, you need metrics, and password health is a powerful indicator of how well your security initiatives are working. A password manager that offers a password health feature helps employees understand their habits while helping admins uncover gaps and take corrective measures.
The growing volume of cyberattacks raises the urgency for small businesses to boost their defenses. To improve your cybersecurity, start by connecting it to your business goals. Doing so helps bring security from the sidelines to the forefront—and improves your success of adopting human-centric security.
Discover more cybersecurity trend insights in the 2022 Future of Secure Work for People + Organizations report.