Two key drivers to a strong cybersecurity culture
Culture is created by many people and many pieces, but Dr. Barker outlined two crucial elements that the organizations with the strongest cybersecurity cultures have.- Behaviors of leadership: Cybersecurity culture relies on leaders and starts at the top. Leadership needs to be practicing the behaviors they want to see others model. And leadership should mean anyone from the C-suite all the way to team managers - anyone influential and respectful should be prepared to shoulder security responsibilities and model healthy, positive cybersecurity habits. The best leaders showcase this through open communication, admitting mistakes, and talking through the process of identifying and remedying any missteps.
- The right tools: Dr. Barker cites the importance of employees having the right tools they need to change their behavior. How is security supporting people through tools, technology, and training? A layered approach - one that includes password management tools, regular education on security best practices, new employee onboarding with strong security guidance, and open communication as to why security underlies the success of the whole organization - is an approach that empowers all users.
Quick tips for supercharging your cybersecurity culture
Building or changing any culture isn’t something that can happen overnight, but Dr. Barker provided us with small steps that you can take to create real impact.- Link back to overall culture: Creating a cybersecurity culture isn’t about reinventing the wheel; it’s about expressing the “why this matters” of security using what already drives and exists inside your business. What’s your company’s mission statement? What are your pillars and values? If, for instance, one of your guiding values is customer service above all, you can easily make that relevant to cybersecurity as well; securing customer data security and privacy are paramount to a positive customer experience.
- Ask your teams: Using surveys, assessments, and focus groups, you can find out what your employees’ attitudes are on cybersecurity. Where do they see gaps? What would make it easier for them? Can they talk about why cybersecurity matters to them or how it personally relates to their roles?
- Designate a security champion: Sometimes, it can be easier to talk to our peers and teammates than leadership or even just the rule-making security team members. Dr. Barker noted that it can be difficult for employees to reach out to IT or security leadership to ask questions, whether it’s because they’re afraid of asking questions they think they should know the answer to or because they don’t actually know who their point of contact is. She recommends that businesses appoint one person per department to be the contact for all security questions, and that person can either go through best practices directly with a user or can make sure that they level up a problem, concern, or question to someone on the security team.
- Job shadowing: Hosting a “day in the life” event where employees are invited to get an inside look at the tools that security teams use, the issues they face, and how their jobs intersect with other elements of the business can help make security more personal for individuals in their own day to day.
- Take a deep dive: Our “From Cyber Resistant to Cyber Resilient” ebook is an in-depth guide on the right questions to ask, the right steps to take, and the right KPIs to measure when it comes to creating a strong cybersecurity culture at any organization.
