Remember back in that simpler time – 5 years ago – when botnets simply sent out spam or collected credit card numbers; or 10 years ago, when most computer viruses simply slowed down your computers, and when hackers simply defaced your web page or blocked access to it? When most of the free software that you could download actually did what it said it would, without much risk of losing control of your life or business?
These days, hackers are finding unsecured devices on the Internet that were designed for a specific purpose, and using them to attack others around the world by the thousands. Malware is infecting our computers and mobile devices, and using our trusted connections to online services to gather information, and use it against us for extortion. On a daily basis, Email phishing attacks are trying to launch ransomware that could take significant portions of our networks hostage. How in the world is a business supposed to get its employees to navigate this minefield to get any real work done?
What are employees responsible for these days?
Employees need to learn that now, more than ever, they are being entrusted by their employers to make good decisions. Gone is the easy life of routine, mindless jobs. Repetitive tasks are becoming more automated, and simple human activities and decisions are being outsourced to other organizations.
What does this leave for employees to do in order to be worth employing?
It means that, one of the most important skills for employees today is making good decisions, or having good judgement with respect to the business’s best interests. Increasingly, those decisions involve risks of costs and benefits. If employees don’t understand risks, and how to evaluate and treat them, then sooner or later they will become victims of today’s ubiquitous cyber threats; and they will be costing employers more than they are worth. In a sense, if you’re not doing a good job at managing the risks of your specialty area, your role may be outsourced to an organization with people who do have these skills. So, as employees, you will need to prove your value in this world of risk decisions.
Employers still have an interest in keeping that “human touch”
The idea of getting rid of those pesky employees, and outsourcing all human tasks may seem like an attractive thing to employers. But many employers differentiate themselves based on “the human touch”, or the “attention to customer needs” that usually only full-time dedicated employees can handle effectively.
How can employees be taught to make good risk decisions?
The key to helping employees navigate this minefield lies in teaching them about the cyber security risks facing their employers. It means learning how the results of their jobs impact their employer’s success, and therefore, their own success.
Employers should be offering basic education on the risks to the business from cyber threats. Every role in an organization has a need to trust and be trusted. People need to be led through that exercise of identifying whom they trust, and how to handle information responsibly, so they can be trusted.
Once is not enough…
Employers also need to constantly assess how well their team is dealing with the trust they’ve been given to make good decisions. Fortunately, with new technologies, we now have the ability to tailor education and assessment programs to monitor and improve employee decision-making. So, employers will be able to keep that “human touch”, and be able to trust their staff to help protect the business from cyber threats. Otherwise, why not replace those employees?