<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

Cybersecurity for Humans

A Virtru Guide to Cultivating Security-Conscious Teams 

We're all human.

We've all made mistakes. That's just part of being a human on planet Earth.

And, whether you're a CISO or an intern, you've also made mistakes when it comes to security—whether that’s accidentally hitting “Reply All” (so embarrassing), mistakenly sending a report to Sarah in sales instead of Sarah in human resources (oops), absentmindedly clicking on a questionable link (oh no), or quickly forwarding an email that turned out to contain sensitive information farther down the thread (oh NO). 

So, what's a mere mortal to do when entrusted with vitally important information?

Don't panic: For all our flaws, humans can also make pretty great decisions IF we're empowered with the information and tools we need to do so.   

Whether it’s an HR team onboarding a new employee, 

A healthcare provider sharing test results with a patient,

An insurance agent managing a claim,

A special education teacher sharing a student’s individualized education plan with a parent,

Or sharing any other kind of potentially sensitive information, 

It’s important that every team is empowered to do their jobs well, and that includes the ability to share data securely and confidently. 

Cybersecurity for Humans 1-1

"How do I get people to care about cybersecurity?"

This challenge is top of mind for technology leaders across industries, particularly those who have large workforces with a large surface area of risk. The larger the workforce—and the more globally distributed that workforce is—the more challenging it can be to monitor and guide employee behaviors around security.

Here are a few questions to consider:

Frame the Story

  • Am I leading with a message of fear and negativity, or one that empowers people to act with confidence?
  • Am I showing people that I trust them?
  • Am I initiating meaningful dialogue or simply telling people what to do?

Create Clarity

  • Do people understand their data protection responsibility?
  • Are people encouraged to self-report if they make a mistake?
  • Am I incorporating teaching moments often to keep security top of mind, or just requiring training at certain times of year?

Bring Others In

  • Do managers at my company practice good security habits themselves?
  • Do people have an opportunity to contribute to the security conversation (whether they’re in IT or not)?
  • Am I giving a voice to others on my team who can share their experiences?

Cybersecurity is about people — and everyone has a role.

When you think about it, cybersecurity is ultimately about people. Yes, technology plays a big role — but, at best, your tech is your Best Supporting Actor. Without the star of the show (that's you and your teams), things would be pretty boring.

But you and your team, working valiantly day in and day out to quash cyber attacks and mitigate risk? The brave heroes mightily protecting your customers' privacy and security? You're the Meryl Streep of this performance.

But, before you start writing your Oscars acceptance speech, you need to get buy-in from your entire cast and crew. To get people invested in security, lead with positivity and enthusiasm for the important work you do. Don't just tell people what to do: Show them why they should care, and what’s in it for them. Get them involved in the story.

Have you ever watched someone in a niche field speak passionately about their subject matter? It doesn’t matter what the topic is: marine biology, Kubernetes, tomato gardening, or their favorite band. When the speaker is visibly engaged and excited about the topic, it’s compelling to listeners, regardless of how much knowledge those listeners have on the subject. 

Quotes-for-On-Page

This is the power you wield as a security leader. If storytelling isn’t your forte, start by just sharing what you know in a positive way. Explain to employees how quickly the security landscape is evolving—both in the workplace as well as personal contexts. Talk about data privacy and emerging technology. Show them what kinds of threats you and your team have mitigated. Demonstrate the real-world impact your team have, whether it's reporting a phishing attempt, encrypting a student's health record, or protecting a client's private information against compromise. 

Ultimately, strong security leads to more confidence and more freedom. Regardless of your role in a company, that’s something to get excited about. 

Cybersecurity for Humans 4-1

Disrupt the status quo.

“Culture change is tough,” said Leroy Cunningham, Information Security Manager at CMI. “And people are used to doing things the way they’ve always done it. We try to create an educational shift, so if there’s anything that allows me to empower employees, and at the same time educate them, it’s win-win.” 

Cunningham’s team uses Virtru’s configurable Data Loss Prevention (DLP) rules to encrypt some types of data by default—such as credit card information—but for some categories, Cunningham prefers to issue a warning, using that as a teaching moment

“While Virtru provides us with a safety net, we also like the idea of being able to educate our users at the same time. So, instead of automatically encrypting something sensitive, we can let the users know and advise them to encrypt it. That way, there’s always a learning process in place.

"I think that’s key: keeping security top of mind and not creating complacency. It just reaffirms that thought process and, over time, it becomes second nature to them… These aren’t things that I can just teach them, it has to be something they can see and touch for themselves.”

Read the Case Study

Empower your (human) teams with human-friendly tools.

If you want to engage your teams around security, you need to give them the tools they need to succeed. 

That means simple tools that don't interfere with their ability to get their jobs done. 

With Virtru, you can deploy human-friendly cybersecurity that: 

  • Layers powerful security into the apps people already use every day (Google Workspace, Microsoft 365, Salesforce, etc.) 
  • Adds a safety net for those very-human "oops" scenarios so that, when people inevitably make mistakes, you're covered. DLP rules and automated encryption can save you a lot of headaches. 
  • Doesn't slow down information sharing. High-performing teams need to share information quickly and easily — security should be a tool, not a hindrance. 

We'd love to talk security with you and explore ways to help empower your teams to share information quickly, easily, and securely. 

Book a demo with Virtru today.

Get Started