Safeguarding Business through Staff Buy-In: Insights from South Africa’s InfoSec experts

Cybersecurity is no longer the sole responsibility of IT professionals. Every individual within an organisation plays a critical role in safeguarding sensitive information and protecting valuable assets.

To delve into the strategies for fostering staff buy-in and enhancing cybersecurity measures, we turned to some of South Africa’s leading minds in the Information Security field. Here’s what they had to say about ensuring staff are educated and proactive in securing a company’s intellectual property.

1. EDUCATION AND TRAINING AS A FOUNDATION
The consensus among the experts is that education and training are paramount in cultivating a security-conscious workforce. Muyowa Mutemwa highlights the importance of personalising the message to resonate with individuals. Starting with relatable scenarios such as protecting personal bank accounts and social media platforms can help translate the significance of cybersecurity to the organisational context. Similarly, Amukelani Emily Manganyi identifies the need to train staff to be “cybersmart” and understand their roles in ensuring safety.

2. BRIDGING PERSONAL AND PROFESSIONAL SECURITY
Galeboe Mogotsi emphasises that cybersecurity training should be an integral part of an organisation’s Human Resources function. By bridging the gap between personal and professional security concerns, employees can better grasp the potential risks and take proactive measures to mitigate them.

3. INSIDER TRUST AND DATA MANAGEMENT
Amukelani Emily Manganyi introduces the concept of insider trust programs, which involve managing access to sensitive information. This includes monitoring and controlling movement within the organisation—covering joiners, movers, and leavers. Ayanda Peta further underlines the significance of understanding data access, device security, and risk assessment. Monitoring access and enforcing access control are vital components of protecting company IP.

4. CONTINUOUS TRAINING AND RISK AWARENESS
Ishaaq Jacobs advocates for ongoing training and regular updates to keep staff well-versed in cybersecurity best practices. By launching awareness projects that assign risk scores and hold individuals accountable for specific security aspects, organisations can enhance their overall security posture. Anthea Kruger emphasises the importance of making cybersecurity training compulsory across all levels of the organisation, from lower-level employees to the CEO.

5. INDIVIDUAL BEHAVIOUR AND RELATABILITY
Aashika Bava and Sandika Daya stress the need to assess individual perspectives and behaviours. Security awareness initiatives should consider human behavioural patterns and preferences, making content relatable and easily understandable for staff. Bava suggests that this approach can contribute to higher engagement and compliance with security protocols.

6. MONITORING, DETECTION AND RESPONSE
Sithembile Songo and Bernard Munyaradzi Chadenga delve into the importance of monitoring, measuring the effectiveness of awareness programs, and utilising detection technology. Realistic simulations and crisis scenarios can help staff grasp the urgency and gravity of cybersecurity threats, driving home the importance of their roles in safeguarding the organisation.

7. COLLABORATION, ENVIRONMENT AND INFORMATION CONTROL
Yurika Pistorius and Aveena Mothilal highlight the significance of collaboration between different departments to establish secure environments. Monitoring and device management remain essential components of effective cybersecurity strategies. Pistorius further emphasises the importance of providing only necessary information and understanding potential threats for timely reporting.

SUMMING UP THE OVERARCHING THEMES
Across the insights provided by South Africa’s InfoSec experts, several consistent themes emerge:
Education and Training: Consistently educating and training staff to recognise and respond to cybersecurity threats is vital.
Personal Connection: Relating cybersecurity to personal experiences can help individuals understand the relevance and impact of security measures.
Continuous Improvement: Regular updates, monitoring, and measurements of awareness programs ensure ongoing cybersecurity preparedness.
Collaboration and Relatability: Understanding individual behaviours and collaborating across departments enhances cybersecurity efforts.
Data Management and Access Control: Managing data access and monitoring movement within the organisation are crucial.
Realistic Simulations: Real-life simulations can effectively convey the importance of cybersecurity and promote proactive behaviours.

In a digital landscape where threats are ever-evolving, fostering staff buy-in is not just a security strategy—it’s a business imperative. By embracing the insights and strategies shared by South Africa’s InfoSec experts, organisations can build a security-conscious culture that safeguards intellectual property and preserves the trust of stakeholders. Remember, in the realm of cybersecurity, everyone’s vigilance matters.

 

*The thought leaders that contributed to this blog will be speaking at CISO Kanect on 12 & 13 October 2023 at The Marriott Hotel, in the heart of Johannesburg, in Melrose Arch. See them in action, register by 31 August 2023 and save R 2,500.