When is a company’s top-of-the-line cybersecurity system actually ineffective? An April 15 Law.com analysis posed that question to McGuireWoods partner Andrew Konia and other cybersecurity law professionals. Their answer: when it’s too complicated or burdensome for employees to use.
As regulatory pressure intensifies for companies to safeguard their data and that of their customers against increasingly sophisticated challenges from cyber criminals, organizations respond by deploying more powerful tools and procedures. But success can rely more on employees than on hardware and software.
Asking employees to take on added cybersecurity duties for which they’re not paid isn’t easy to sell, said Tysons-based Konia, who co-leads McGuireWoods’ data privacy and security team. “And the truth is that they really need to buy it,” he said. “It’s critical to the health of the company, it’s critical to the success of the company.”
The imperative for sound cybersecurity practices needs to be a consistent workplace message backed by clearly delineated responsibilities and regular checkups, he said. It’s easier to hold people accountable once timetables and expectations are set.
“These people are undertaking sometimes a very new task to them. They need support, they need some guidance and they need to feel the love,” Konia said.