From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace

National Cybersecurity Awareness Month: Week Two

From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace

Ours is an age where technology has infiltrated virtually every facet of our lives. As a result of this ongoing seismic shift in the way we gather information and communicate with one another, the manner in which we secure our digital lives must adapt to the threats around us.

In the not too distant past, the technical processes of technology were relegated to a handful of IT support staffers who worked their magic on our equipment then returned to their often mysterious home within the IT department. Thus, a dichotomy developed between those who kept our networks and end points operating at peak performance, and those who used these technologies to carry out their work related tasks. However, in an age where cyber-attacks are increasing exponentially in both number and complexity this division only invites difficulty as organizations defend themselves from data breaches.

By definition, the influence of every culture is measured by the breadth and depth of its reach among those who make up its population. Thus, workplace cultures must be evaluated by the manner in which their values and practices permeate the workforce. It stands to reason that a culture, even one focused on cybersecurity, cannot exist within an organization where resistance to wide scale policy adoption is pronounced.

To sum this up, with the prolific and targeted nature of today’s cybersecurity attacks, a concentrated team approach is required to mitigate the threats businesses face. As a result, an effective cyber defense posture will never become engrained within a company’s culture when there is a low rate of adoption among employees, when executive management fails to lead by example, and when best practices are not regularly communicated. To counteract these pitfalls to a broad culture of cyber awareness, businesses should enact these three action items:

1. Communicate: When a business is intent on strengthening its cyber resilience, the IT department cannot go at it alone. Effective defenses require the ongoing communication of your firm’s cyber priorities. Employees need regular reminders regarding basic principles and policies, such as password management and a clear understanding that the boundaries of our modern workplace often follow us home. Thus, these threats and simple solutions should be communicated with regularity.
2. Educate: Cultures don’t grow by accident and companies never drift any place worth going. These points are even true within the realm of information security. Employees need to know the how and why of corporate cybersecurity and its importance to company assets and their personally identifiable information.
3. Cultivate: True cultural evolution calls for the cultivation of its priorities from the top down. Executives who noticeably practicing cyber policies will have a greater impact on the issue than those who merely share edicts from the C-Suite. In our age of phishing and ransomware, the CEO is just a vulnerable and the freshly minted intern. Through cultivation, a culture can be developed.