Every user has the potential to cause security problems. But when it comes to the worst offenders, the hands-down riskiest group in your workplace is senior managers.
- 87% of senior managers regularly upload work files to personal email or a cloud account
- 58% have accidentally sent sensitive information to the wrong person, and
- 51% have taken files with them when leaving a job.
That’s concerning enough on its own. Couple with the fact that these executives have access to more sensitive and proprietary information than the average user, and you’ve got trouble.
Oddly enough, these high-ranking officials seem to realize they’re not doing so well with cybersecurity. From the survey:
- 45% of senior leadership said that they themselves were responsible for protecting companies against cyberattacks, but
- 52% graded their response to cyber threats C, D or F.
Getting them onboard
The best strategy for protecting your systems against threats is to bring these executives on board with security. Here are three strategies for doing it:
- Make them enforcers. Talk with other managers about needing their cooperation on spreading the cybersecurity message. Ask them to speak with their teams on the importance of following policies. This helps the message trickle down to users, but it also forces executives to think more about security policies themselves. They’ll know they have to step up their own game.
- Make it exclusive. Training doesn’t have to be the same for every group. Executives should know they’re being actively targeted by hackers and hold onto to valuable data others don’t get. This groups prizes its special role in the company. Acknowledge they’re in a unique situation and provide exclusive training that addresses the kinds of risks they’re likely to face.
- Make them accountable. The tie between cyber risks and executives is nothing new. Many of them believe they should be exempt from or above policies. But if it comes down to putting your foot down to protecting the data, that’s a step you’re going to have to take. Explain the risks, explain the policies and let them know that those policies apply to everyone in the organization.
For a sample policy on cloud storage, click here.