Are You Promoting A Corporate Cybersecurity Culture in Your Business? Here’s Why You Should Be

So, you’ve got an excellent security strategy in place. You’ve got threat detection tools, an enterprise mobility management platform, file-focused digital rights management, and basically everything else your organization will need to keep its data safe. Even then, there’s still one thing missing.

Employee buy-in.

The sad fact is, if your staff doesn’t care about cybersecurity, then it doesn’t really matter what else you do. They’ll undercut your strategies through poor password practices or unsafe browsing. They’ll ignore your advice and mandated apps and simply work however they see fit.
And ultimately, they’ll put your data at risk.

In the same way that there’s a direct correlation between a healthy, productive culture and a good bottom line, there’s also a connection between a positive attitude towards security and more effective protection of corporate data. By working towards a culture that emphasizes good security practices, you can turn your greatest security weakness – your employees – into your most powerful asset.

But what do you need to do in order to work towards this? According to Dan Lohrmann, there are a few steps you’ll need to take.

  • Make sure you’ve got executive buy-in and support.
  • Carry out regular, honest risk assessments to determine what sort of security posture you’ve got at any given time.
  • Always keep a clear vision of what you want your security culture to be at the back of your mind.
  • Make sure you have a plan for cybersecurity, communication, and awareness training.
  • Always celebrate success.

Of course, that covers the what. As for the why, I’d strongly advise looking into something called social cybersecurity. With its roots in sociology, social cybersecurity relies on the fact that people have a tendency to follow along with what everyone around them is doing. What that means is that if your business promotes messaging focused around how workers have strong passwords or use two-factor authentication, you’ll make it likelier that other people will want to, as well.

“We use a technique known as social proof, which is people tend to do what everyone around them is doing,” explains Carnegie Mellon University’s Jason Hong. “One of the common pranks fraternities will do from time to time is to have a few fraternity members point up at the sky, and if you look at the number of passers-by who also look up, it’s actually very high. It’s a simple mechanism that most people aren’t aware of, but it’s very common.”

No matter what kind of security strategy your business uses, and no matter what security technology it has in place, it’s all for naught if you haven’t worked towards a culture that supports cybersecurity. Follow the advice outlined in this piece, and you can take the first steps towards doing so. From there, however, the rest is up to you.