Human behavior is complex and inconsistent, and poses a significant risk to the security of your organization.
It’s not surprising that an organization’s staff can pose such a threat: They can access sensitive data, and that access is unlikely to raise flags. So, how do you handle the insider threat?
This risk can be addressed by creating a culture of security within your organization.
All organizations need a security culture that stretches from the breakroom to the boardroom.
Build a security culture
A security culture is a combination of multiple factors, such as:
- Employee education (staff awareness)
- Security exercises (breach drills, phishing simulations)
- Information security awareness posters
- Security advocate(s)
- Specialist training for security personnel
- Regular security refresher presentations
Although security cultures will differ from organization to organization, the overall goal remains the same: Make staff aware of security threats and how they can be prevented.
Where to start
Kai Roer, author of Build a Security Culture, October’s book of the month, addresses the human and cultural factors in organizational security using clear, everyday examples and analogies. Drawing on the author’s extensive experience, this guide highlights the underlying causes of many successful and easily preventable attacks.
Learn how to create a culture that promotes cybersecurity within the workplace
IT Governance USA offers a range of training courses and tools to empower your staff and prepare them to fight cyber crime:
- Passively convey security best practices with information security awareness posters. Hang them in critical spots – by the printer, in the waiting room, or in the kitchen – to reinforce your staff awareness program.
- Our interactive e-learning staff awareness courses offer a hassle-free and cost-effective training solution to help prepare your staff for information security issues they might encounter.