Liste has gone to great lengths to strengthen security awareness at the board level and to build security capability within the IT department. Yet he says it's crucial to recognise good security is a whole-organisation effort. When it comes to creating education programmes, he says CIOs should be prepared to lean on the expertise of other functional heads.
"A good collaboration with your learning and development team, your communications team and your training team is absolutely critical," he says. "You need to work with these experts to make sure you're constantly updating and engaging with people and educating them around the evolution of the cybersecurity risk."
SEE: Management tips: Four ways to deal with conflict in your team
Know more: jobs for computer engineers
Liste says structured internal education and awareness programmes are the best way to teach staff across the organisation about potential risks. But he also says that training development shouldn't stop at the enterprise firewall, particularly as most staff are currently working at home due to social distancing.
"We don't limit our approach to corporate education," says Liste. "We also talk about awareness at home, which is obviously crucial right now, and we talk about the risk of phishing and being aware of the text messages that tempt you to click on links. We say that the secure practices our people apply at work should be carrying on 24/7."