Today’s organizations, both private and public, face a daunting variety of threats to cybersecurity. A cyberattack can threaten the very existence of an organization (not to mention the jobs of some of its C-suite officers), but the response doesn’t rest solely on building a better technical solution: we need to create a cyber-secure culture.
Given the overwhelming reality of resources and time that are already being dedicated to a company’s security strategy, how can organizations begin to build security into a company’s DNA in a realistic way?
Research by the Centre for the Protection of National Infrastructure (CPNI) suggests that multiple interrelated factors need to be considered when attempting to change an organisation’s security culture.
But what is “security culture”?
It is the ideas, customs and social behaviors of an organization that influence its security. It is the most important element in an organization’s security strategy. And for good reason: The security culture of an organization is foundational to its ability to protect information, data and employee and customer privacy.
Not all people learn in the same way. Every organisation and every audience is different when it comes to learning. We believe that a human-centred approach to security, using high impact interventions, can accelerate positive security culture change.
During the pandemic, some industries and organizations have seen their security cultures stagnate or decline. As many organizations transitioned to a work-from-home model, new security issues and concerns emerged, with communication and education becoming somewhat more challenging.
How to Support A Strong Security Culture
There are some very practical and actionable steps organizations can take to develop and nurture a strong security culture across seven distinct dimensions:
• Attitudes: Employee feelings and beliefs about security protocols and issues.
• Behaviors: Employee actions that impact security directly or indirectly.
• Cognition: Employee understanding, knowledge and awareness of security issues and activities.
• Communication: How well communication channels promote a sense of belonging and offer support related to security issues and incident reporting.
• Compliance: Employee knowledge and support of security policies.
• Norms: Employee knowledge of and adherence to unwritten rules of conduct related to security.
• Responsibilities: How employees perceive their role as a critical factor in helping or harming security.
We can help you build a solid security culture in your organization. Let’s talk.