August 24, 2021

Creating a Culture of Cybersecurity

Cybersecurity is often associated with complex technology and skilled, technical experts. Technology and IT professionals are certainly one part of protective cybersecurity, but a strong culture of cybersecurity goes well beyond technology and security experts. Given that the average cost of a data breach is now approaching $4 million, cybersecurity is rightly being paid a lot of attention. CPA firms are also at particular risk given the high financial value of their data, and there are certain threats that specifically target CPA firms. As we’ve pointed out in previous blog topics, the best wall in the world won’t help if someone on the inside lets the intruder in through the gate. A culture of cybersecurity ensures that all staff understand their importance in keeping the company secure. At Cetrom, we focus on using the most advanced technology including artificial intelligence, offering 24/7 assistance, and employing skilled engineers, yet we continually emphasize to our clients that creating a culture of cybersecurity is one of the best things they can do to protect their company. Here are some of the suggestions we have for creating a cybersecurity culture.  

What is a Cybersecurity Culture?

Culture is mostly made up of the little things that often go unnoticed to people within that culture. In a society it can be things like how people are greeted or popular meals and even what eye contact symbolizes. Similarly, cybersecurity culture is made up of everyday actions and routines like how staff choose passwords and send information to each other and clients. Cybersecurity culture is also how emails are opened and answered, as well as the organization’s policies concerning remote work, web browsing, and data storage. Cybersecurity culture may seem mundane, but strong security is built on these simple fundamentals. Culture can be thought of as the end result of habits and mindsets. In order to change a culture, or create a new one, an organization and its members must pay careful attention to their everyday actions and routines. 

Five Tips for Creating a Cybersecurity Culture

Creating a strong cybersecurity culture needs to be based in simplicity, easy to understand and actionable requests, and clear reasoning and communication. The end goal is to eliminate barriers for staff in order to get complete buy-in around the priority of cybersecurity. Below are five of the ways that we at Cetrom have helped our clients create a culture of cybersecurity. 

  1. Employees are the first line of defense: From C-suite executives to temporary interns, employees are a critical part of developing strong cybersecurity. According to “Kaspersky Daily,” at least 46% of cybersecurity incidents are caused by careless or ignorant staff members. Employees are the first line of defense, and put another way, they are the primary weakness. Learning how to spot a malicious email is a simple and highly effective skill for all employees. Employees need to know what they must do in order to keep the company and client data safe — the simpler the better. For example, emphasizing three key procedures like creating strong passwords, practicing safe email and browsing habits, and using data security best practices may prove more effective than overwhelming staff with a laundry list of security practices. Employees also need to be supported through cybersecurity training, access to two-factor authentication, and adequate technology. Make it clear to employees that their web-browsing, email, and data habits are critical to your firm’s cybersecurity success — and what’s more, show them what you expect through cybersecurity training courses.  
  2. Develop & implement cybersecurity training courses: Cybersecurity training provides the foundation for norm and habit changes. Often, employees are focused exclusively on succeeding at their job, and cybersecurity and data security take a backseat to speed and ease. Without proper training, it’s easy to develop dangerous cyber habits. Cybersecurity training needs to be part of every employee’s onboarding procedure and should be done multiple times a year. At Cetrom we offer customized training, but at a minimum training needs to address: email best practices; data security procedures; spotting common scams like phishing and malware; emerging cyber threats; building strong passwords; staying secure while working remotely or on mobile devices; and recognizing and communicating threats. In addition to implementing training, testing your training is an essential part of creating a culture of cybersecurity. 
  3. Test your training: Training is only as good as its end result. Like a competition can highlight the impact of practices, testing your training helps ensure its effectiveness. Testing your cybersecurity training allows you to get a real time look at current weaknesses and strengths. Within employee training, tests can be as simple as questions about key training concepts and not allowing employees to move on until they pass. Tests can also be broader and more in-depth, like mock email scams, data security probes, or an assessment of employees’ password strengths. It’s often best to have the test administered by an objective party that will actively try to exploit weaknesses in the system. Tests are key to gauging employee buy-in and habits, while making security the easy choice helps ensure you’re setting employees up to succeed. 
  4. Make security the easy choice: Like stocking a house full of fruits and healthy meals makes healthy eating the easy choice, structuring your firm's systems and policies to reinforce cybersecurity makes security the default choice. Broadly speaking, consistent education, reminders and reinforcement help build secure habits. Security should be baked into your firm’s practices through password expirations, strong email and browser filters, and enterprise-level security. Have specific company policies that reinforce security like web-browsing rules, email best practices, and remote work policies. Employees should confirm their agreement with these policies. The digital security experts at Norton recommend cybersecurity compliance programs that require changing passwords frequently and updating key applications. Pave the way for employees to practice good security, and finally, inspire ownership over the process and results. 
  5. Inspire ownership — data security is an all-hands effort: Be sure employees know what they need to do and how important their role is for strong data security. Some companies will provide incentives (like cash, gift certificates, and PTO) for good data security practices and for taking the extra step to keep data safe. Many organizations are making data security and other cybersecurity practices part of employee and department evaluations. Ownership means benefiting when things go well and struggling when they go wrong. Inspiring ownership makes it clear that cybersecurity is shared by all employees.   

What’s the Bottom Line?

At Cetrom, we certainly believe in and actively use advanced technology and capable engineers. But we also recognize the importance a company’s culture plays in avoiding cybersecurity incidents and data breaches. It’s why we offer frequent employee training, system testing, and around-the-clock support. Even if your company isn’t quite ready to upgrade your security to a cloud-based solution, improving your firm’s cybersecurity culture is one of the most proactive steps you can take to improve security. As a starting place for creating a stronger culture of cybersecurity, focus on the everyday habits, implementing long-term institutional change, and building a culture where security is the easy, default choice. If you have questions about how to create a culture of cybersecurity at your specific organization or how to take the next step toward better security, contact Cetrom today

Contact Us

Is Copilot An Accountant’s New Best Friend?

Creativity may not be the first trait that comes to mind when considering what happens at a CPA firm. However, accountants often find themselves in..
March 25,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

Is Copilot An Accountant’s New Best Friend?

Creativity may not be the first trait that comes to mind when considering what happens at a CPA firm. However, accountants often find themselves in..
March 25,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

Blog Archives

See all
Is Cetrom Your Cloud Services Solution?