It’s week two of National Cyber Security Awareness Month, and the focus is on cybersecurity culture.
September’s list of data breaches and cyber attacks showed a high number of breaches caused by staff, or by threats that staff ignored and that later developed into a breach.
It’s not surprising that an organization’s staff can pose such a threat – they have access to sensitive data and it’s unlikely to raise flags when they access it. So how do you handle the insider threat?
Build a security culture
All organizations need a security culture that stretches from the breakroom to the boardroom.
A security culture is a combination of multiple factors, such as:
- Employee education (staff awareness)
- Security exercises (breach drills, phishing simulations)
- Information security awareness posters
- Security advocate(s)
- Specialist training for security personnel
- Regular security refresher presentations
Although security cultures will differ from organization to organization, the overall goal remains the same: make staff aware of security threats and how they can be prevented.
Start building your culture today
Kai Roer, author of Build a Security Culture, has years of experience in helping organizations to build a culture of security throughout their workforces. If you want to build a security culture within your organization, then his book is the ideal place to start.
IT Governance provides a series of invaluable and thought-provoking books and tools to empower your staff and prepare them to fight cyber crime.
- Learn how you can influence your staff’s behavior with the best-seller The Psychology of Information Security.
- Educate your staff about the key elements that make up an information security management system by engaging them with the ISMS card game.
- Passively convey security best practices with information security awareness posters. Hang them in critical spots – by the printer, in the waiting room, or in the kitchen – to reinforce your staff awareness program.
- Provide your staff with informative and thought-provoking pocket guides to strengthen their knowledge of information and online security.