With more employees working remotely than ever before, business leaders are racing to add additional security layers to protect their organizations against cyber attacks — and with good reason. Our research shows a significant spike in phishing attempts and other cyber threats since the start of the pandemic. As leaders strive to safeguard their businesses, they should also work to protect society against destructive cyber attacks. How? By taking the lead on cyber education in their communities.
A single successful cyber attack can have devastating emotional, financial and societal consequences on your stakeholders, including your employees, customers and suppliers. Tax scams and phishing can cost people their life savings. Misinformation campaigns, like several recent ones aimed at spreading false information about COVID-19, can intensify a public health crisis. Hacks on political parties’ emails and election-related organizations undermine democracy. Stolen personal data, such as medical information or private texts, can ruin someone’s reputation.
The variety and sophistication of cyber attacks are escalating. But PwC’s recent Workforce Pulse Survey shows that people’s behaviors and their ability to identify cyber threats are not evolving fast enough to keep up with hackers and other cyber criminals.
Businesses have an opportunity to make a difference in their community by leading with purpose to help people defend themselves from cyber attacks. In our survey, 73% of employees say their organization should take a leading role on cyber education in the communities where they work and live. That number is even higher (80%) among Millennials. Here are four ways businesses can help.
Bad actors deliberately spread fake news and false information online — and many people fall for it. Providing cyber education for your employees and your community can help people better spot misinformation so they don’t believe it or share it. But those measures can only go so far, and combating misinformation campaigns should not be left up to policymakers or tech companies alone. In fact, 86% of employees we surveyed said the spread of disinformation should be a concern for all businesses — a number that rises to 95% among Baby Boomers.
Basic awareness and education of cyber risks are required to help protect citizens from the potential hardships that could result from a cyber scam or attack. But there’s no one-size-fits-all approach, so educational programs must be tailored so the messages resonate with people. Demographics, tech experience and even generational attitudes can influence people’s ability and willingness to participate.
For example, our survey found that 84% of Baby Boomers believe the first and best defense for data and security protection is for individuals to be generally skeptical, which indicates that they’re likely to be receptive to education that focuses on behavioral measures, like using strong passwords or updating social media settings. But only 63% of Gen Zers agree, indicating that they’re more likely to be interested in technological safeguards, like firewalls, VPNs, and anti-virus and anti-spyware software.
Your firm can partner with community leaders, academics and/or state officials to develop programs that are designed to fit the needs of your community. Pay particular attention to how you can identify and help “digitally vulnerable” populations in your community — individuals who lack the resources, infrastructure or skills to improve their digital and cyber literacy, making them a potential target for manipulation.
When it comes to keeping their personal information safe, 75% percent of employees we surveyed say they trust their employer more than they trust tech companies. That underscores the need for businesses to do everything they can to protect their employees’ private data. It also represents an opportunity to tap into the trust they place in you.
Help employees to develop strong cyber acumen and to be vigilant about protecting information — their own, as well as company and customer data. Attacks have become so sophisticated that even tech employees can be fooled, as happened recently when a social media platform was hijacked, apparently after hackers gained entry to its systems by calling employees on their phones. Even if you offer training now, you need to continue educating employees so they can stay on top of hackers’ new tricks.
Helping your people become more cyber aware may also have a positive ripple effect outside your organization, as they may pass their knowledge onto family members, friends and colleagues.
Most states have little or no clear protocols on cybersecurity or cyber education. The US federal government offers a cybersecurity framework for the workforce, but gaps still remain. Consider pairing up with community leaders or academics to influence policymakers at the state and federal levels. For instance, on an international level, PwC colleagues and I are working with several leading thinkers to develop a policy designed to influence how the G20 tackles cybersecurity.
At a time when more people than ever are depending on the internet for work, healthcare, their finances and other important parts of their lives, cyber education is critical. Cyber risks are likely to escalate, posing a threat to individuals, hospitals, universities, corporations, governments and many other institutions.
Businesses have a social responsibility and an opportunity to lead with purpose. Helping citizens and communities learn to protect themselves online isn’t just the smart thing to do — it’s the right thing to do.
Principal, Transformation, PwC US
Principal, HR Transformation, PwC US