How to create a culture of cybersecurity in the workplace


October 16, 2018


How would you define your company culture? Chances are, cybersecurity isn’t featured in your description. However, company culture—particularly the attitudes of executives—can have a big impact on how team members prioritize data security and good cybersecurity hygiene.

As experts have been quick to point out, employees are the biggest gateway to cybersecurity attacks. A huge portion of cybercrime can be directly attributed to employee mistakes—in fact, one publication puts that number at nearly 90%. And with the average cost of a data breach at $3.86 million, it only makes sense to take a more holistic approach to cybersecurity. After all, security is no longer “just an IT issue,” which means your organization needs every employee’s buy-in.

Fortunately, there are many ways to engage employees in building a stronger awareness of cybersecurity issues. Here’s how you can create a culture of cybersecurity in your office—and have a little fun in the process.

Prioritize security from the top down

If you’re going to talk the talk, you need to walk the walk. A strong cybersecurity culture starts from the top down with executives who prioritize security policies and allocate the resources to implement robust protective tools and processes. When you plan new projects and initiatives, emphasize security best practices from start to finish.

As noted by the Harvard Business Review, executives and leaders can’t necessarily force a cultural change—but they can influence culture by their own actions. Not only will showing employees that you value cybersecurity go a lot further than once-yearly training sessions, it can bolster trust in your executive team, too.

Invest in employee education

We can’t say it enough: Training is vital to prevent human security flaws. Cybersecurity moves fast, and new threats seem to near-constantly rear their ugly heads. With this in mind, we recommend that you host regular formal training sessions at least twice a year. These should be more involved than a dry PowerPoint presentation—use group interaction and audience participation to enliven the curriculum and ensure the message sticks.

Keep the momentum going year-round

Every day, employees are bombarded with phishing emails, social engineering and other hacking tactics, which places your business’s assets in a vulnerable position. As a result, cybersecurity needs to remain in the foreground of the corporate culture to make sure your staff stays vigilant.

Make cybersecurity an everyday issue with recurring reminders. From memos to handouts to testing, there are many educational techniques that go above and beyond a standard (and frequently forgettable) presentation. Your IT services provider can likely offer some inspiration here, and may even supply resources to which you can point employees for guidance.


Get the right tools in place

Human vigilance makes a huge difference, but it can only go so far. For truly thorough cybersecurity protection, you also need the help of software, devices and automated processes. Threat detection systems, firewalls, regular monitoring and frequent backups are just some of the cybersecurity tools that can provide protection where your team cannot.

Your exact needs will depend on your assets, networks and workflows, and IT services teams can help you invest in the right tools to provide complete end-to-end security. IT services providers also stay updated on the latest developments and can advise you when newer and better products are available.

Create strong policies

What should an employee do if they think they’ve been hacked? How do you handle backups? What’s your disaster recovery policy? If you can’t answer those kinds of questions, it’s time to take another look at your cybersecurity policies.

Robust policies help employees understand best practices for day-to-day workflows, such as how to properly share assets and work remotely in a way that doesn’t threaten the safety of information. They also include processes to address disaster recovery, data loss and various cybersecurity attacks—basically, every aspect of your company’s cybersecurity is covered. Again, IT services providers can be very helpful here in terms of assisting you with outlining policies and creating standard documents.

Make it fun

On its face, the subject of cybersecurity may appear dry and tedious, but it doesn’t have to be that way. Executives and managers can encourage exemplary cybersecurity behavior by setting goals and rewarding team members when those benchmarks are met. Another way to get your employees excited about cybersecurity is to gamify your training. Although some businesses choose to develop their own gamified training systems, security software provider ESET offers a free online course as well.

Looking for help as you work toward a stronger cybersecurity culture? Download our Ultimate Cybersecurity Bundle for some additional inspiration, then get that cultural shift underway!

We're Integris. We're always working to empower people through technology.
