Why do organisations need a security culture? Isn’t software enough?
How many times have you heard people making excuses about “computer errors”? It’s the go-to response when payments are missed, astronomical bank charges are requested and files mysteriously go bump in the night. But the reality is, computers don’t make mistakes – they do exactly what we tell them to do. Humans, on the other hand? We’re always the weakest link – too much stress, a few drinks after hours and rushing to make it out the door by 5pm can all make people scatty.
According to a 2019 survey conducted by Censuswide, 89% of surveyed organisations in the UK said they had suffered some kind of security breach – of which a staggering 63% had been down to user error.
That’s why the phrase “you’re only human” exists. We’re not super infallible beings; we slip up from time to time. And when we do, the consequences can be dire. Embedding security culture into your organisation is all about minimising those mistakes and providing humans with a framework that helps them make good decisions.
Creating a culture of security
All cultures need time to grow. It’s not something that’s going to happen overnight, but if you invest in the right tools and lead by example, you’ll soon be able to transform your organisation and create a secure, panic free environment.
1. Willingness to change
Successful organisations understand the importance of responding to what’s going on in the world and aren’t afraid of new technology.
2. Strong leadership
If staff see their managers sharing passwords, the message is that it’s ok to be lax about security. A solid security culture starts at the top and should be embedded in everything you do.
3. Celebrating success
For people to invest their time and effort, they need to see that it’s worthwhile. Good cyber security companies will be able to provide you with reports about suspicious activity and potential breaches. Sharing these with staff will help them understand they’re making a difference.
4. Return on investment
Cyber security services are all about lowering vulnerabilities and protecting data, but not all offerings are created equal. Selecting the right provider will enable you to show stakeholders you’re spending money wisely.