The once widely held belief that IT is in charge of all things cyber security is changing across industries. Cyber security culture must now include everyone who has access to data. But how clearly does every department in your organization understand this culture? A report from ISACA and CMMI Institute found that only 34% of employees know what their role is where cyber security is concerned. This would indicate that the cyber security culture that is supposed to be all-inclusive is not hitting the mark. This is concerning because employees represent the weakest link in a cyber security plan: they leave "doors" open that cyber criminals easily detect. This happens mainly through poor password hygiene and the ease with which employees click on links that contain viruses. All of this can be prevented with a better education campaign.
Changing the Culture

While a true culture change within an organization can take years, cyber security culture can't wait that long. Everyone must share the beliefs that are inherent in a high-functioning cyber security strategy. This will require a commitment to change, which can be among the most difficult aspects of any shift in company culture. The process can be improved by offering a cause-and-effect scenario that outlines various situations in which an employee can be the source of a disruption.
Basically, it comes down to accountability.

Know Your Role

If everyone knows the risks, do they also know what they can do to help? Do they have a distinct definition regarding their role in the strategy to prevent getting hacked? Some organizations have taken to regular "fire drills" where they initiate a staged event and everyone leaps into action. In this case, employees are each tackling their specific task and memorizing the steps they need to take. This will enable them to know exactly what to do if and when something actually does go awry.
Communication

Your security team should be a sounding board for potential and current issues. People will make mistakes, and they should be encouraged to openly discuss them with the appropriate people without fear of retribution. Accountability is important, and by establishing a sense of trust, the organization will benefit. An option that could help shift the cyber security culture in your organization is going to a third party for the tools and services that improve safety, reduce risk and help define a more comprehensive strategy. Getting this assistance puts less pressure on your security team, giving them the flexibility to handle on-premises situations that can also lead to better security practices. Contact us today to learn more.