Building a security-first culture is as important for cybersecurity as investing in the right tech or creating and enforcing the right policies.
Defense systems cannot provide 100% of the security organizations need as long as individual employees are making decisions about what to click on, who to trust and, at the leadership levels, where and how much to invest in security. This is especially true with the rise in remote work.
How to Make Security Important to Everyone
What is security culture?
It’s a set of ideas, habits and social behaviors that lead people to make choices in their everyday work that enhances, rather than threatens, the company’s cybersecurity. While “culture” sounds vague and soft, it’s really the best trainable guide for action. It’s a framework for making security important to everyone in the group.
The importance of security consciousness cannot be overstated. The benefits of a solid security culture mean employees will report, rather than click on, suspicious links sent via email or text. They’ll embrace, rather than circumvent, secure systems and safety protocols. They’ll engage freely with IT staff when unsure, confused or needing help, rather than stay silent.
Senior leaders will bring security teams in on projects early out of a spirit of mutual benefit, rather than at the last minute out of a spirit of suspicion or distrust. And, business leaders will make decisions based on clearheaded intent to protect the organization’s assets, rather than mistaken notions that cutting security will improve the organization’s finances.
Unfortunately, nine out of 10 organizations do not have the security ..