Creating a security-aware company culture is important
September 1, 2021
Cybercriminals regularly use social engineering techniques to deceive and manipulate employees, leading to financial losses, disrupted productivity and a tarnished company reputation, according to Harvard Business Review.
Attackers take advantage of people’s willingness to trust certain requests and mindlessly click on links or open virus-laden attachments. The human factor is assumed to be the ultimate attack target in 99% of breaches.
Leaders often rely on their IT departments to secure information, but to reduce the human-based liability, all employees must be committed to security to create a security-aware culture. This involves leaders influencing their team members to adopt certain mindsets and behaviors.
Following are six strategies to help strengthen your company’s defenses against cybercriminals and create a security-aware culture.
Ask employees to voluntarily sign a security policy. Demonstrating commitment makes people more likely to follow through and adhere to codes of conduct. Within the policy, it is useful to clearly state which types of information are sensitive and which are not.
Lead by example. In situations of uncertainty, people look around them for cues regarding how to think and act. Senior leaders should lead by example and promote best-practice behavior.
Elicit reciprocity. Social norms dictate if someone gives us something, we believe we should return the favor. Taking moves to secure an employee’s own data or identity can be meaningful first steps to elicit reciprocity.
Leverage scarcity. People find objects and opportunities more attractive if they are rare or difficult to obtain. Senior leaders can use this when promoting the organization’s rare, exemplary security accreditations that could be compromised by a security breach. Leaders also should implement a classification system separating sensitive information from harmless information.
Be like those you lead. Security professionals emphasize the importance of an empathetic mindset to achieve compliance. People are most influenced by others with whom they identify and like, and leaders build trust with workers when they act with humility and empathy.
Leverage the value of authority. Organizations typically require employees to take an annual digital security training. However, there is a risk employees will not connect the contents to their daily behavior. When senior leaders, who are viewed as the ultimate authority, personally instruct employees to comply with corporate information security, they will be more likely to get the desired outcome—provided the leader is viewed as a trusted source who understands the security issues and stays informed.