
A Practical Guide To Baking Cybersecurity Into Your SMB's Culture

Posted by Integrity Staff on January 16, 2020 at 10:00 AM


How would you rate your organization's position on cybersecurity? It's an important question that many business leaders tend to overlook, even in an era where breaches in companies both small and large make headlines (think Equifax of 2017).

One way to gauge whether your company places enough value on its digital security systems is to answer a simple question:

Is cybersecurity part of your organization's culture—or have you ever considered that it could or should be?

 

Why Business Leaders Should Include Cybersecurity as Part of Their Culture

Culture is a popular concept within the business world and finds relevance in multiple fields and industries. The culture of a business attests to its modus operandi, reflects the values and behaviors of company employees (from the uppermost management levels all the way to support staff such as environmental services and information technology), and heavily influences the psychological and social environment.

Vulnerabilities within a business culture are often identified as drivers behind many organizations' setbacks. Perhaps nowhere is this more evident than in security breaches. Many thought leaders and cybersecurity experts believe that while major failures such as the Equifax breach are multifaceted, at their root they stem from a company's values surrounding security (or lack thereof). In these cases, a company's security culture has as much of a hand in damaging breaches as technical blunders and vulnerabilities do, if not more.

So, how can a company keep its security culture from putting it at risk of cybersecurity breakdowns? By building a culture of security within the company from the ground up.

 

Try These 3 Tips for Promoting a Culture of Cybersecurity in Your Organization

Lance Spitzner is a board member of the National Cyber Security Alliance and director of Security Awareness at the SANS Institute. In a recent webcast for the RSA Conference, Lance shared some insightful ways to integrate cybersecurity into a company's business culture.

 

1. Delegate a Person to Spearhead the Cultural Shift

Assign someone the specific role of launching a campaign of security awareness throughout the company. This provides the manpower needed to initiate major change—a must for such significant endeavors as influencing company culture. No matter who you choose to take on this role, the person or team of people should feel both responsible and supported in the quest to create more perceived value surrounding security.

 

2. Delegate the Best Fit Person (or People) for the Job

Who in your company should you recruit to spearhead a security awareness campaign and cultural shift? Security teams are an obvious choice, but these team members are often already overworked and/or lack the advanced skill sets needed to accomplish such a cultural shift, which requires a lot more than just a deep understanding of technology.

Consider looking elsewhere within your company, including human resources, marketing, and communications departments, to identify a person or team of people who can provide the people skills and social skills needed to guide the program to success. Socially and emotionally intelligent individuals can connect with others effectively and help get your mission out. 

 

3. Streamline Company-wide Security Policies

Support your organization by finding ways to make practicing cybersecurity something that team members feel both motivated and able to do. Based on behavioral models from psychological research, we know that tasks are most likely to get done when people are motivated to complete them and the tasks are relatively simple to do.

With the help of your delegated cybersecurity culture champions, find ways to streamline your security policies. Can changes be made to password policies, two-factor authentication processes, or other areas to gain simplicity? Look to examples from other companies and find out what your employees perceive as barriers to making these changes.

Finally, remember that preventing and correcting security problems relies on solid technology—but it also relies on your entire team being on board and sharing a common goal of keeping your organization's digital data secure.


Interested in seeing how Integrity Technology Solutions can help you empower your team to make digital connection and protection a high value? Contact us today to learn more or speak with one of our client support representatives.