Insider Intelligence: The Three Ps of Securing a Security Company

Aug. 12, 2015
The first of a three-part series looks at managing cybersecurity from an employee perspective

The old phrase “mind your Ps and Qs” likely dates back to early typographers, who had to be careful as they set every line of text one letter at a time. In today’s lexicon, it serves as a simple reminder to pay careful attention to the details.

In thinking about how we can make our workplace more secure and how we can mitigate security breaches at our companies, the details are critical. In the spirit of minding your Ps and Qs, there are three Ps that business managers and company leaders can focus on to make our workplaces more productive and secure: People, Products and Profitability. The first installment of this three-part series will focus on People.

We hire good people, right? We give them DISC assessments, we ask them situational questions and provide them with the latest psychological tests. We expose them to their new team and measure their response; we carefully explain and train them on their new role. In the end, we expect and assume that they understand and will adhere to our security policies. Well, it just doesn’t happen, not by a long shot.

We have all seen headlines about major cyber breaches and information leaks over the last few years. What many of these incidents share is that an employee or contractor of the company has been responsible for either letting in the bad guys or taking information themselves directly from the network. While some people may blame those incidents solely on the employees, I think the blame is better directed at the company itself for not keeping a close eye on the activities. Whether malicious or not, the people causing data breaches and leaks have access to a wealth of information.

We need to change our assumptions and develop a very proactive, aggressive security stance when it comes to the people who work for us. What is our company’s on-boarding security policy? What is our “Bring Your Own Device” policy? What is our written security policy that we train new employees on? What is our ongoing communication and training procedure for security in the workplace?

The truth is, employees are arguably our greatest strength while also being the greatest security risk to modern businesses. As an example, 48 percent of all employees share their login password with fellow employees. It is even worse with millennials — although they are more technically savvy, the millennial generation is far more likely to visit unsafe websites and share login credentials with others. This makes our companies more susceptible to security risks and breaches. As managers, we really need to examine why this is occurring.

Why it Happens

While we train on the industry and products, we may tend to overlook training on the cultural awareness needed to be more security conscious. We are forgetting that many of these great employees we are hiring are simply unaware of the harm they can cause by the websites they visit, the social media sites they frequent, and the online habits they bring to their new role. Our employees have had a lifetime to develop their habits, and we just assume they will change once they join a security company. We need to recognize this flaw and implement changes now.

Employees are a company’s greatest asset — I have spent a lifetime believing this. That being said, we must develop a clear communication path to explain why workplace security and security breaches are so important and even more critical to those of us in the security market. It is simply imperative that our employees understand their role in making our workplaces more secure. It all boils down to open, transparent communication and ongoing training.

Ric McCullough is vice president of sales and customer service for PSA Security Network. To request more information about PSA, please visit www.securityinfowatch.com/10214742.