Achieving a Security-Conscious Work Culture

Security-consciousness comes more naturally to some organizations than others. For certain industries, like finance or data management, it is almost ‘built-in’. But all companies are a target for data breaches and ransomware, and employees are a primary entry point for hackers, so how mindful your people are of security risks is increasingly important. The traditional response to this has been one-and-done end-user training. A deeper avenue is to equip your employees with an awareness of the risks and the behaviours to mitigate them, but if they aren’t motivated to comply, this can fall flat. So, how do you create a work culture that is security conscious when you are not in an industry where it is already ‘built-in’?

The answer will require collaboration across multiple teams, top-down and bottom-up tactics, and making the solutions you implement both visible and pervasive. Below are five considerations for building a security-conscious work culture.

1) Policy

New policies are difficult to introduce, but they are foundational in achieving cultural change. Ensure stakeholders across departments participate in their development, such as human resources, communications, facilities, information technology, data governance, and compliance (if you have them). Some items worth including:

Tailgating – A policy around tailgating (following an authorized person into a room or building) provides rudimentary benefits towards security consciousness. First, it encourages the understanding that security is not just ‘digital.’ Second, it is pervasive: if your employees are thinking about whether somebody is behind them every time they enter the building, security starts to become a top-of-mind consideration.

Passwords – Passwords are also pervasive as they’re being entered multiple times a day, so it is important to have a policy that prevents sharing of passwords and requires good passwords (which we discussed in the context of the (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by IntelliGO Networks.