Is it fair to hold your staff to a cyber-security awareness standard?

Over the last decade, cyber-security awareness has transformed from an issue that primarily occupied the minds of IT staff, and perhaps a few astute executives, into one in which every employee, in every industry, must be well versed. This sounds like common sense, given how much more today's employee interacts with technology. But have we been approaching those interactions in the best way when it comes to setting expectations for staff responsibility?

The most frequent comment I hear from front-line staff when discussing cyber-awareness training is “this isn’t my job!”, and in their defense, it is a valid point. When a nurse or physician applies for a job at a hospital, they are focused on caring for patients, not on identifying phishing emails or preventing a catastrophic network outage caused by ransomware. Unfortunately, the reality is that every modern workplace involves interactions with technology, and therefore every job now carries a mandatory security awareness component.

It behooves organization leaders to embrace the reality that every job is now a cyber-security job and to actively engage with the changing environment. Cyber-security should be part of the culture, not that “other thing” you are forced to do in addition to your real job. Given the millions of dollars businesses lose to cyber crime each year, the most successful risk management plan is one built around your prime asset: your staff.

-Alexander Laham, MBA, CISSP, HCISPP