Cybersecurity is everyone’s job. This was the message and the title of a guidebook from the National Initiative for Cybersecurity Education (NICE) team, a subgroup led by NIST, published in 2018. Listen to what Donna and David have to say about this guidebook in episode 259 of their Help Me With HIPAA podcast. See how the message still holds true, more than ever, today.
NICE’s Cybersecurity is Everyone’s Job guidebook outlines what each of our responsibilities are to protect the organization. It is very important to emphasize that security is the responsibilities of each member of the organization, from the newest employee to the C-Suite / Managing Provider. The responsibility for security does not just lay in the hands of the technology department, it really is up to every employee to protect the organization. Employees can be the greatest vulnerability or the greatest asset to an organization. The NICE guidebook lays out, with great detail and respect, what each job function should be doing to protect the company.
Cybersecurity is Everyone’s Job breaks down the business functions in seven categories:
- Leadership, Planning and Governance
- Sales, Marketing and Communications
- Facilities, Physical Systems, and Operations
- Finance and Administration
- Human Resources
- Legal and Compliance
- Information Technology
The guide discusses the importance of building a cyber-secure culture. It outlines each business function’s responsibilities clearly. One of the nice things about the guide is that it shows how important each role is. It treats each role with respect. The guide goes on to talk about, “Doing the Right Thing”, and not becoming “Patient Zero”. Just like in warding off human viruses, we take precautions like washing our hands and covering our coughs and sneezes. Warding off a cyberattack starts with exercising security precautions, being willing to learn, knowing that technology is continually evolving, etc. I am not sure if NICE had a crystal ball back then, but if everyone would have acted on the advice from this guidebook in 2018 when it was published, maybe we’d have a better security posture here in 2020. We all should think about applying this guidebook not only to our businesses, but to our lives too. Taking responsibility for our part in keeping ourselves, our families, and our communities safe during COVID-19 and respecting each other no matter what status in life we hold… Wow, could Louis Armstrong have been right? What a wonderful world it could be.