The term “security culture” refers to a cultural expectation, instilled by an organization's leadership, to maintain a security-focused mindset in which every decision and strategy is viewed through the lens of the highest protocols rather than internal preferences.
As the IoT market rapidly expands and the number of connected devices continues to rise, so does the risk of attack. A recent independent study conducted by Ponemon Institute LLC on the state of cybersecurity in small and medium-sized businesses found that 51 percent of companies have experienced either a successful or unsuccessful ransomware attack. Organizations in every industry are now faced with the need to instill a security-first mindset with employees at every level to ensure that company and customer data is as protected as possible.
In Part 2, we offered tips for organizations looking to create a more consistent and relevant education and training program on security matters for employees. Improved training that is performed frequently can significantly impact an organization in a positive way by minimizing the risk of a security incident due to employee negligence, but it’s also important for organizations to focus on policies and procedures to minimize risk.
Tightening up internal practices can increase the overall security of an organization; however, often when a company attempts to enforce security policies or implement new procedures, it faces opposition or resistance from its staff. While organizations and their employees both share the interest of protecting customer information as a top priority, policy changes are never easy. To successfully create a security culture, organizations must be prepared to face opposition from employees throughout the transition. Here are a few tips that may help to soften the blow and smoothly transition employees into this new security mindset.
Encourage and Reward Employee Feedback
A great way to get employees over the hump of change is to encourage feedback based on their experiences. Encouraging employees to provide thoughtful insight as to how practices could be improved to better protect customer data and simultaneously improve the employees’ experience can result in a major payoff. The advantage of encouraging employee feedback is twofold: employees gain a better sense of value when their feedback is heard and appreciated, and the security of private customer information is truly held at the highest level of importance. Organizations can advertise rewards for providing feedback to further encourage staff to participate. Rewarding thoughtful feedback from employees can propel an organization into achieving a true security culture.
Recruit Change Agents from Within Your Own Organization
In addition to encouraging and rewarding employee feedback, another way companies can overcome opposition to change is to enlist agents of change from within the organization itself. These leaders can influence others in a positive way when it comes to valuing and adhering to new policies. Recruiting change agents can help alleviate the fear that is often present in employees on the brink of change by motivating them to focus on the purpose behind the change rather than on fear of the unknown. When employees in leadership roles champion security policies and procedures from the top down, their support can have a domino effect, spreading among staff collectively. Gaining a few key supporters internally who can demonstrate their adherence to the security-first mindset can have a significant impact on the entire culture.
Recently in InfoSecurity Magazine, I discussed why the cultural mindset of healthcare organizations in particular needs to change as digital transformation continues to alter consumer communication — and outlined three tips to achieve this shift. This blog is the final of three in a series to dive deeper into each one of those tips.