Create a Culture of Security

Employee understanding and buy-in is critical to your business’s success in marketing, production, development and design. It should be no less important to them in cyber security. They are most likely the first to recognize and first to institute some kind of defense against an attack. The best plans, policies, procedures, technology, and training can all be circumvented due to a careless mistake made by one or a number of employees. And we expect mistakes – mistakes due to poor training, long periods since the last discussion on cyber security, and unfortunately, the occasional “black heart: maneuver….what do I mean? You need to understand that not all threats come external to your organization.

Your employees are your front line of defense against cyber security attacks. They are the ones that will receive the phishing emails, be socially engineered by an attacker, password protect your systems, or ignore security protocols if they see them as frivolous. If employees see information security as a hindrance, rather than a business enabler, it is probably because they get the impression from management that it is not important. Creating a culture of security requires a top down approach. If security is important to management this view will be passed on to your employees. Remember one adage – most people will sacrifice security every time for simplicity and convenience. Educate them on how a cyber attack can occur, what it means to the business…and then bring it home to them that without the business, they have no job. This sounds a little negative – that is not our intent. Our intent is to personalize cyber security so that everyone understands their role and the importance it takes in the entire organization’s effort.

In order to create a culture of security, conduct refresher security awareness briefings periodically – we think quarterly makes sense - to remind employees of threats faced by the company on the Internet and highlight success stories where employees were critical in helping stop a security incident from occurring. Creating a culture of security within your business will minimize your chances of falling victim to cyber crime, improve your bottom line, and position you company to be part of the cyber crime solution, not the problem.