Mads Howard: Cybersecurity as a life skill
In this episode of the Behave podcast, Ben Donaldson—Community Engagement Manager at CybSafe—sits down with Mads Howard, People Centred Security Lead at Sage.
Cybersecurity as a life skill
They talk about what it means to lead a security team, the importance of culture within the team, and how to build a supportive team that knows why they do what they do. They also talk about how it’s your job as a security team to make cybersecurity relevant and engaging as it becomes an essential life skill.
Ben Donaldson Community Engagement Manager, CybSafe
Mads Howard People Centred Security Lead, Sage
Mads Howard is a director at Sage, a software company providing products to help with business flow.
Mads has been involved in cybersecurity for a number of years. Currently, she reports to the Director of Awareness, Security & Engagement. Her role is the first of its kind in the business, and she plays an integral role in maintaining the company’s security culture.
1. The importance of a cybersecurity team
One key benefit of hiring a dedicated security team is that your organization has experts with extensive experience defending it against specific threats and risks. These may include cloud application attacks, phishing, unmatched security vulnerabilities, and many more.
“Because of my security team, I am able to do so much and lean on so many people and draw in on so many metrics and insights and different areas of the business because my security team are really on board with the work we are doing in this space.”
2. How to help people understand the importance of cybersecurity
Here’s a shocking statistic: Close to 90% of all cybersecurity risks are caused by human error. This is proof that even if you have highly secure infrastructure, you’re still vulnerable if you don’t help your employees understand the importance of cybersecurity.
“Getting that culture right within a security team, whether it’s that fluid transparency and communication . . . has been so beneficial to the way we have done things and run programs.”
3. Security exposure is key
Security exposure is all about trying to identify the security vulnerability of a system. These vulnerabilities could expose loopholes that hackers could use to access as well as manipulate confidential company data. This exposure also helps reveal potential security gaps and establish control before a breach.
“You are giving people the ability to have access to certain people within the business, and it makes them feel like an important part of the team and they get value from you as you get value from them.” Ben Donaldson says people on security teams are often seen as blockers, not enablers.
Changing that perception is essential as a company’s security team plays an integral role in protecting an organization from harmful external threats like hacks and data breaches.
4. Internal communication can make all the difference
According to Mads, organizations should create programs to improve communication. At Sage, she admires how security is preached in the business.
She recognizes that organizations with good communication have a significant reduction in expenses like liabilities, insurance, and other security expenses directed to the stakeholders. Internal communication is vital for informing the workforce on why cybersecurity is essential and should be taken seriously.
5. Changing the mindset on security should be a priority
Mads recognizes that a security team is traditionally seen as a compliance tool. Often, an organization’s cybersecurity team contacting you is viewed as getting in trouble for something. She says, “If you got an email from someone who’s from cyber risk, you instantly think, have I done something wrong? Am I in trouble?”
Instead of this negative perception, we should think of how the security team is helping make our organizations more secure during work operations and protecting crucial data. Besides this, security also creates situational awareness, pushing and motivating people to do the right thing.