In this article, Jeff Hunt explores the importance of creating a Cyber Security culture through employee engagement and training -- and changing people's behaviors to help ensure a secure network environment.
President, JB Homer Associates
The Human Side of Creating a Cyber Security Culture
by Jeff Hunt
Cyber Security has never been more important for businesses, organizations and governments as cyber risks and attacks are expected to continually grow in volume and intensity. Regulatory requirements are increasing and corporate boards are being asked to take on more and more responsibility to ensure that their organizations have Cyber Security measures in place: some companies are even taking out cyber insurance policies to protect their businesses against financial loss due to security breaches. Security executives realize the importance of creating a 'Cyber Security Culture' by instituting cyber education and training programs and promoting a culture of employee engagement and personal responsibility.
Creating an internal Cyber Security Culture is paramount in mitigating cyber attacks against an organization's network. The establishment of this culture serves as a way to enable people to play an active role helping to secure the company's internal and customer data. Companies need to first start changing people's behaviors in order to change the culture around Cyber Security - and this change can only be fostered if they see their new behaviors as having a positive impact on their company.
Some organizations institute Cyber Security Training Awareness Programs to educate and train employees about its security policies and procedures. This may include BYOD security policies that help prevent unintentional data breaches and malware from entering the corporate network by employees accessing insecure applications and networks. Ongoing education in areas such as 'phishing' training demonstrates how this technique helps to detect and defend against cyber attacks.
The most effective Cyber Security Culture will exist when all of your employees view themselves as mini-CISO's. This is accomplished by changing their behaviors on the activities that put sensitive data at risk such as using poor password management or inadvertently leaking information by not following data encryption policies and procedures.
The creation of a Cyber Security Culture within your organization can go a long way in helping to ensure the security of business assets, customer data and intellectual capital. As a Security executive, what measures are you taking to engage employees around Cyber Security?
As always, I look forward to your thoughts and observations.
Feel free to email me at: firstname.lastname@example.org