Humans are creatures of habit. All in all, we do the things we do because that’s the way that we’ve always done them.
The same can be said of cultures in our society and in our workplaces.
In terms of long-term business viability, culture is everything — especially as it relates to information and data security. Culture is a key factor in whether a business can grow and protect itself from cybersecurity risks.
In this article, we aim to outline the levers that can aid in instilling a strong security culture.
The benefits of security culture
A strong security culture is both a mindset and method of operation. One that’s integrated into every
According to the U.S. National Cyber Security Alliance, 60% of small businesses cannot sustain their businesses beyond six months after a cyber-attack.
But how do you get employees to adopt security focused
- Ingrain the concept that security belongs to everyone.
Many organizations have the opinion that Security or IT departments are solely responsible for security. But in reality, a sustainable security culture is the responsibility of every employee.
A reward system that’s tied into compensation can serve as a great motivator along with periodic security training. The key is that everyone must be on board.
In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by employees.
- Embrace organizational security top down.
It all starts at the top. Executive leadership on security is essential for garnering employee buy-in. Executives must also communicate and set priorities with middle management and encourage employees to integrate security practices every day. Additionally, the C-level should be held to the highest standards in the business to set the right example.
- Make security engaging and fun.
People often associate security with boring training or someone saying “no” all the time. To develop a sustainable security culture, build engagement and fun into every part of the process. If you have specific security training, ensure that it is not a boring PowerPoint presentation.
Gamification reinforces learning and encourages desired behaviours in fun, simple ways.
One way to gain employee buy-in into your security culture is to reinforce positive actions through an incentive program. There are some simple choices you can immediately implement to start influencing security attitudes across the organization, including:
- Make security awareness a component of annual employee reviews and require employees to meet a certain standard to be eligible for a promotion.
- Find polite ways to call out employees who aren’t representing a security mindset. For example, when an employee leaves his or her computer unlocked, teammates can send an all-staff email or Slack message saying “Hey team, I’m buying lunch for everyone” from that person’s computer.
The risks of not focusing on security are well documented. Breaches can cost companies
Wherever your organization sits on the security culture spectrum, there are always things that can be done to make the culture better.
So, do what’s right and get started now. Security culture takes time to develop.