What Is Shared Responsibility In Cybersecurity And Why Is It Key In The Company
The world of cybersecurity is complex and demanding, given the vast array of new attacks and techniques, and their growing strength. Developing strong and consistent cybersecurity policies is a growing need for companies and institutions.
The impact of any one attack can be tremendous. An attack can spread from a single affected machine to thousands in a matter of hours, and this can lead to millions of compromised user accounts, for example.
The responsibility for building a culture of cybersecurity in the company belongs to everyone, from managers, through the cybersecurity person, to the last person who has access to a device, service or account. We call that shared responsibility, and it is one of the fundamental keys to keeping your business and data safe.
Shared responsibility for cybersecurity implies that everyone is responsible for following cybersecurity best practices, such as turning off laptops completely before leaving, closing the office doors, keeping good passwords (and renewing them periodically), and a long list of others.
Shared responsibility when we work in the Cloud
One of the key principles of cloud security is precisely this model of shared responsibility. What it basically implies is that there are some things for which the client (who accesses the services in the Cloud) is always responsible. For example, data, devices, accounts, and identities.
In turn, there are a few things that the service provider is always responsible for: physical hosts, networks, and data centers. In a public cloud environment, however, responsibility for other things, such as maintaining operating systems, establishing network controls, applications and directory infrastructure, is going to vary depending on the type of service.
Educating employees in cybersecurity best practices is critical to keeping business and data safe, hence staff awareness and preparation are key to creating a culture of cybersecurity.
It must be said that most of the employees are willing to comply with the security policies. In many cases, they just need to know what they are and the rationale behind them.
Therefore, offering cybersecurity training based on the best practices established in policies is important. Continuously and consistently communicating any updates to regulations and policies, and planning training for new employees at the time they join, are other good practices.
Finally, these are some examples of security knowledge that employees of any company should have:
- Password management.
- Know how phishing works, with examples.
- How to properly back up your data.
- How to send personal and confidential information correctly.
- Knowledge about account, access and authentication limits for your device.
- General security policies and best practices.
As we can see, this is not, in reality, advanced knowledge, but a series of good practices that will allow workers to maintain minimal but very effective security barriers in the fight against cybercrime.