What cybersecurity culture: 7 tips for companies

The numbers are clear: one in two companies will be the victim of a cyberattack in 2022. To counter this phenomenon and better protect companies and employees, all organizations must establish a culture of shared responsibility for cybersecurity.

An effective cybersecurity strategy often comes from respecting the basic principles: applying patches, performing the necessary updates, not opening attachments or clicking on suspicious links, and following other daily best practices for using applications and systems.

However, it happens that these practices remain confined to IS teams, and they do not reach other employees. Seven recommendations are detailed here that aim to establish a culture of responsibility that encompasses all levels of organizations.

Management as the number one target

An effective cybersecurity culture is one embodied by leaders, who set the course to be followed. They should not only validate the resources and the budget requested by the IT department (DSI), but also set an example for other employees. Therefore, leaders and the CIO must help spread the message about cybersecurity. This could include, for example, putting cybersecurity on the agenda of meetings with all partners, asking a manager's opinion about training, or even, why not, introducing a quarterly award that recognizes good practices in cybersecurity. Management involvement makes it clear that the cybersecurity spectrum extends beyond the security team.

Define the mission and the challenges

If we are not to fall into “evil”, it is important to point out the essential nature of cybersecurity for all organizations. It is important to spend time with the cybersecurity team to discuss their duties, their strategy, and how it supports business operations. Concrete examples illustrate the reality of cyber risks as they present themselves today; they can be made more persuasive by drawing on real facts from the company’s business sector.

Be honest and transparent, and reveal the “nonsense” stuff

Using simple and direct language, rather than a proliferation of acronyms and technical jargon, is the best way to convey a message that everyone can understand.

Explain why cybersecurity awareness doesn’t stop at the company door

The business leader’s mission is certainly to secure his organization, but the cybersecurity culture he instills in employees must also spread outside the company framework. Cyber threats are everywhere, affecting both individuals and companies. Company managers should be aware that the skills applied at work also benefit employees in their private lives.

Make training fun, challenging and rewarding

The best teaching methods include a playful aspect, which creates a stimulating learning environment. This requires the establishment of training programs that emphasize public relations. Above all, management needs to recognize and reward those who are most involved, or who behave appropriately. Each employee has a role to play, in the sense that the security of an organization is like the resistance of a chain: it is determined by its weakest link. Because many attacks target specific human factors, even the most basic functions within a business can make a big difference. If employees know they have a role to play, they will be more concerned and involved.

Set a positive environment

Everything can go wrong. Harsh reprimands for the slightest deviation will not encourage behavioral change (at least not for long). It is better to focus on constructive criticism and positive methods of communication. At the same time, everyone knows the benevolent course laid out, so that everyone can learn from their mistakes.

Be able to receive feedback and help offered

Cybersecurity culture cannot be a one-way street. Communication must be two-way and organization-wide. For example, it is possible to set up an information security consulting group, which includes stakeholders from all departments. Everyone’s opinion is important. Employees must know that there is a policy of openness, where everyone’s comments and opinions are taken into account and can make a difference. By setting up a suggestion box, it is also possible to get suggestions from team members outside of traditional security functions. Partners are more likely to follow in management’s footsteps and own the defined mission if they feel they have contributed to it.

More than ever, all organizations must adopt a cybersecurity strategy. One of the most effective ways to achieve this is to establish a cybersecurity culture, which cannot be limited to the list above. Other recommendations and tactics include making the security mission a personal goal in the eyes of employees, making your organization understand that cybersecurity is a collective sport, and designating someone as responsible for the program and its proper implementation. But with just the seven recommendations above, establishing a cybersecurity culture should be effective at all levels of the organization.

To know more

Pascal Le Digol joins WatchGuard, in computer security, networks and telecommunications; he also holds the CISSP (Certified Information Systems Security Professional) certification.
