April 27, 2017

The Importance of a Corporate Culture Built Around Security

Building a culture of security is essential to any organization. A culture built around security can help an organization create and maintain cyber resilience and a strong business environment. A nonexistent security culture can quickly lead to vulnerabilities and incidents in an organization. Employees should work together in teams, rather than alone. People working alone may not try to improve security and may instead pursue their own personal intentions as rogue employees. Teams of employees should be working towards similar goals and should be excited about the work they are doing. When employees are motivated and excited about their work, it can be seen in the results. Sharing responsibility can also avert attacks and reduce their likelihood. When organizations commit to creating a security culture, the result is more organized and disciplined operations, decreased risk, and increased stakeholder and customer trust.

Implementing a security awareness and training program within your organization can help enhance the security culture. According to the Shred-it 2016 Information Security Tracker Survey, 78% of small business owners in the US and 51% of the C-Suite report holding employee training programs only once a year or less. 28% of small business owners reported that they have never trained employees on company security procedures or policies. It is important that organizations prioritize and emphasize the benefits of employee training. An effective security training session held monthly or bimonthly can limit an organization's exposure to unintended risks, reducing the chances of data loss, costs, or reputation damage. It can offer employees the basic skills and knowledge to detect security threats and avoid human error.

IANS Research faculty member Mike Saurbaugh stated that a comprehensive security awareness program should not be considered a destination, but rather a journey. The organization should begin by committing to maintaining a culture of information security. When management commits, it encourages employees to commit as well. Training should take an array of approaches, from speakers to video training content. A group of employees can be given the task of refining information security practices and being the eyes and ears of the workplace. Motivate employees by creating healthy competition between departments in games like “Who found the most phishing emails” or “Who reported the most suspected incidents”. Healthy competition will create a healthy and fun environment in which employees will positively impact the organization.

Visual reminders can also be placed throughout the office to remind employees to be aware and take caution in what they do, such as “Don’t forget to lock up” or “Stop! Shred the files”. Follow the Shred-it all policy to instill in employees the mindset of safeguarding their information through various tasks, which can include destroying all documents when they are no longer needed, clearing the desk before leaving, or locking up all documents. Following these simple procedures helps maintain a positive culture of information security.

LIFARS offers flexible security training practices for all organizations. With training that starts with the basics, LIFARS employee awareness training is designed with simplicity in mind, even offering customization, training materials, and real-life scenarios.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
