Page 53 - Cyber Defense eMagazine - November 2017

3 STEPS TO CREATE A CULTURE OF CYBERSECURITY




               by Mary-Michael Horowitz



               It seems like every business is trying to improve its company culture. And that’s a good thing.
               An effective culture is built on solid values and a core purpose. It gives employees the
               opportunity to understand what makes the company tick – what its beliefs are, what its goals are
               and how each person can help move the business forward.

               In the same way, I encourage businesses to think about creating a culture of cybersecurity.
               Ensuring your business, and its data, stay safe from the many cyber threats lurking in the ether
               means constant education and discussion so that each team member understands how to
               safeguard the business and demonstrates that day in and day out.

               Here are three steps to create a culture of cybersecurity in your business:

                   1.  Involve the entire company
                       Cybersecurity isn’t just an IT thing. It’s an everybody thing. So, take the time to teach
                       everyone in the company why cybersecurity matters. Train employees to know what to
                       look for, like how to spot a phishing email, and to whom suspicious activity should be
                       reported. Explain to the team the reality of cyber attacks. If employees understand the
                       consequences of their actions and the potentially devastating results, they’re probably
                       going to be more likely to buy into a culture of cybersecurity. We suggest companies
                       provide their teams with formal training at least annually, if not quarterly. These trainings
                        shouldn’t be stiff and dull. Make them fun and engaging with friendly competitions or
                       games, rewards and demonstrations.


                   2.  Keep cybersecurity top of mind
                       Holding annual or quarterly cybersecurity training sessions is important in establishing a
                       culture of cybersecurity, but it’s not enough on its own. To truly build a strong culture,
                       security needs to be top-of-mind for employees. Things like posters hanging around the
                        office with brief security tips, handouts with reminders of things to look out for and
                        quarterly newsletters with more in-depth tips and takeaways from the latest hacks
                       making headlines all help make security part of the daily conversation.


                   3.  Create a sense of responsibility
                        In addition to teaching your team how to prevent and spot cyber attacks, it’s equally
                       essential to ensure employees feel comfortable reporting their findings.




                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.