Imagine the following: A mid-level HR employee receives an unsolicited resume. The company’s policy is to forward all unsolicited and suspicious emails to a designated mailbox maintained by the IT group for further inspection before opening any attachments or clicking any links. The employee, without thinking, opens the attachment. This seemingly minor mistake allows a cyber-criminal to gain a foothold in the company’s network, from which he can pursue countless malicious acts that damage the company and its customers and result in millions of dollars of liability.

As the above example demonstrates, cybersecurity has become a critical issue for all companies, both large and small. Resources are increasingly being spent on bettering corporate cybersecurity practices. Whether companies focus on conducting risk assessments, implementing novel technologies, adopting new policies and procedures, or other options, there has been a clear shift towards a greater recognition of the importance of cybersecurity. While these are certainly important steps to take, they do not address one of the greatest vulnerabilities an organization faces: its employees.1 Until companies begin to alter their corporate culture in dealing with cybersecurity, employees will always remain a weak link in their technical cybersecurity defenses. How can a company implement a cybersecurity-conscious culture? Through broken windows cyber-policing.

Size of the Problem