Mads Howard: Cybersecurity as a life skill

In this episode of the Behave podcast, Ben Donaldson—Community Engagement Manager at CybSafe—sits down with Mads Howard, People Centred Security Lead at Sage.

Guest profile

Mads Howard is a director at Sage, a software company providing products to help with business flow.

Mads has been involved in cybersecurity for a number of years. Currently, she reports to the Director of Awareness, Security & Engagement. Her role is the first of its kind in the business, and she plays an integral role in maintaining the company’s security culture.

Connect with Mads on LinkedIn and Twitter.

Key takeaways

1. The importance of a cybersecurity team

One key benefit of hiring a dedicated security team is that your organization has experts with extensive experience defending it against specific threats and risks. These may include cloud application attacks, phishing, unmatched security vulnerabilities, and many more. 

“Because of my security team, I am able to do so much and lean on so many people and draw in on so many metrics and insights and different areas of the business because my security team are really on board with the work we are doing in this space.”

2. How to help people understand the importance of cybersecurity

Here’s a shocking statistic: Close to 90% of all cybersecurity risks are caused by human error. This is proof that even if you have highly secure infrastructure, you’re still vulnerable if you don’t help your employees understand the importance of cybersecurity.

“Getting that culture right within a security team, whether it’s that fluid transparency and communication . . . has been so beneficial to the way we have done things and run programs.”

3. Security exposure is key

Security exposure is all about trying to identify the security vulnerability of a system. These vulnerabilities could expose loopholes that hackers could use to access as well as manipulate confidential company data. This exposure also helps reveal potential security gaps and establish control before a breach.

“You are giving people the ability to have access to certain people within the business, and it makes them feel like an important part of the team and they get value from you as you get value from them.” Ben Donaldson says people on security teams are often seen as blockers, not enablers.

Changing that perception is essential as a company’s security team plays an integral role in protecting an organization from harmful external threats like hacks and data breaches.

4. Internal communication can make all the difference

According to Mads, organizations should create programs to improve communication. At Sage, she admires how security is preached in the business.

She recognizes that organizations with good communication have a significant reduction in expenses like liabilities, insurance, and other security expenses directed to the stakeholders. Internal communication is vital for informing the workforce on why cybersecurity is essential and should be taken seriously.

5. Changing the mindset on security should be a priority

Mads recognizes that a security team is traditionally seen as a compliance tool. Often, an organization’s cybersecurity team contacting you is viewed as getting in trouble for something. She says, “If you got an email from someone who’s from cyber risk, you instantly think, have I done something wrong? Am I in trouble?”

Instead of this negative perception, we should think of how the security team is helping make our organizations more secure during work operations and protecting crucial data. Besides this, security also creates situational awareness, pushing and motivating people to do the right thing.

Top quotes from this episode

For more human risk insights, listen to the next episode in the Behave podcast, or read the CybSafe blog.