Changing the mindset of employees is not easy, especially when it comes to a complex subject like cybersecurity. However, as part of an organization, every person needs to do their part, and when it comes to cybersecurity, this means awareness.
There are multiple steps an organization can take to build a cybersecurity culture effectively. From training to enforcing policies and procedures, every organization adopts each of these tactics to a certain degree. Maybe there’s an existing training program, but it doesn’t include phishing simulations, or perhaps there are defined policies and procedures, but there’s not a communication plan in place.
At the end of the day, a culture of cybersecurity will mimic that of the business itself. For instance, if it’s a culture of flexibility but also accountability, then enforcing cybersecurity policies will be much easier.
We asked businesses in the Greater Boston Area: What steps are you taking to build a cybersecurity culture in your organization?
Here’s what they told us:
“We are following industry best practices for cybersecurity, which are based on training and education. Training is to be refreshed and certified internally every 6 months, and we measure the success of the program by the level of security awareness it creates amongst our employees. As users are the weakest security link, every policy needs to be enforced, training for the sake of training won’t be enough. I see a lot of organizations that have plans in place, but if they don’t enforce it, it’s meaningless. For instance, you can put into employment agreements that if the 1st incident happens, you’ll be written up. 2nd incident happens, suspension, 3rd, termination.” – Johnny Lam from Aite Group
“Being a member of the AICPA provides access to many resources including the cybersecurity resource center where I have access to many tools. … As I grow I will be looking to outsource my IT function.” – Marc Bucalo from G2 Consultants.
“For my organization, I am ensuring that passwords are changed every 90 days and data is password protected as much as possible. Since I have personal data for people with their taxes or business, an extra step of verification is always necessary. That way, your account information is safe and doesn’t fall into the wrong hands. It is a necessity in this time as people are always looking to crack into your data and exploit it.” – Paul Falewicz from Succentrix Business Advisors.
How about you? What steps are you taking to build a cybersecurity culture?
For more information on this subject you can always read our blogs: Four Pillars of Building a Cybersecurity Culture and the Business Impact of a Cybersecurity Culture or listen to our latest Fireside Chat with Patrick Hunter from Hook Security “The Makings of a Cybersecurity Culture”.