How exactly do you set up a people-focused cybersecurity culture?
Some organizations believe that cybersecurity is the sole responsibility of the security department however because hackers target all employees cybersecurity is and must be everyone’s responsibility.
- LEADERSHIP
It all starts with leadership. Leaders should set an example for all other employees they need to promote and prioritize cybersecurity training. Emphasis on cybersecurity is important from the CEO to a seasonal employee.
- COMMUNICATION
The message should be that to protect the organization we need to create a human firewall. All employees have a personal responsibility for how they behave online. The best practice is to put awareness before accountability.
- TRAINING
Before holding people accountable for their online behavior, train them first on cybersecurity threats, and how to avoid them. If a security incident happens don’t hide it instead use it as a teachable moment demonstrating how the team can improve. Make sure it’s easy for employees to report any suspicious activity they observe. Not opening a suspicious attachment is great but reporting it could help others avoid and stop a future attack in its infancy.
Creating a security awareness culture is a gradual process as it requires leadership, communication, and training. Use leadership to build a human firewall to protect your business! Put awareness before accountability!
~
Sharmeen Rehman
BlackFire Cyber Insurance