This instills the knowledge that each employee has a vested interest in safeguarding the organization by ensuring its sensitive information and accesses are preserved and maintained.
It’s imperative that accountability and responsibility not be viewed or projected as burdens that punish employees or risk impeding business operations for the sake of compliance. Rather, they must be communicated as opportunities to strengthen an organization’s commitment to protecting information and accesses that support the goals of the business.
A savvy and alert employee can be the impetus for proactively preventing an attack – the clicking on a malware-embedded link in an e-mail – before it even has the chance to be initiated. Given the expenses incurred by organizations as the result of someone being duped into accessing hostile links or attachments, this is no small feat.
Communication is an integral part of cyber security culture and a critical enabler for employees to become active in the organization’s security efforts. Communication takes several forms: it can be policy guidelines that are directed from executive leadership; it can be worker-level individuals reporting potential security incidents prior to their execution; it can be security personnel informing the organization of new threats impacting the sector.
With the advent of bring your own device to work and more organizations enabling employees to work from home, communicating the importance for employees to maintain robust security standards at home has potential work implications as well. Therefore, educating them on acceptable online behaviors to include the types of information shared on social media will help employees reduce risks at both their residences as well as their places of work.
Many believe that cyber security culture starts from the top and works its way down. While there is merit to this statement, I would argue that all stakeholders in the ecosystem create cultures collectively.
“Culture” by one definition is “a way of thinking, behaving, or working that exists in a place or organization.” Executives can certainly lead a cyber security culture, but it must be built, developed, and supported by the entire organization for it to be successful. In this way, "we are all equal partners" becomes a reality, rather than a slogan. And it’s in everyone’s best interest.