Why do organisations need a security culture? Isn’t software enough?

How many times have you heard people making excuses about “computer errors”? It’s the go-to response when payments are missed, astronomical bank charges are requested and files mysteriously go bump in the night. But the reality is, computers don’t make mistakes – they do exactly what we tell them to do. Humans, on the other hand? We’re always the weakest link – too much stress, a few drinks after hours and rushing to make it out the door by 5pm can all make people scatty.

According to a 2019 survey conducted by Censuswide, 89% of surveyed organisations in the UK said they had suffered some kind of security breach – of which a staggering 63% had been down to user error.

That’s why the phrase “you’re only human” exists. We’re not super infallible beings; we slip up from time to time. And when we do, the consequences can be dire. Embedding security culture into your organisation is all about minimising those mistakes and providing humans with a framework that helps them make good decisions.

Creating a culture of security

All cultures need time to grow. It’s not something that’s going to happen overnight, but if you invest in the right tools and lead by example, you’ll soon be able to transform your organisation and create a secure, panic-free environment.

1. Willingness to change

Successful organisations understand the importance of responding to what’s going on in the world and aren’t afraid of new technology.

2. Strong leadership

If staff see their managers sharing passwords, the message is that it’s ok to be lax about security. A solid security culture starts at the top and should be embedded in everything you do.

3. Celebrating success

For people to invest their time and effort, they need to see that it’s worthwhile. Good cyber security companies will be able to provide you with reports about suspicious activity and potential breaches. Sharing these with staff will help them understand they’re making a difference.

4. Return on investment

Cyber security services are all about lowering vulnerabilities and protecting data, but not all offerings are created equal. Selecting the right provider will enable you to show stakeholders you’re spending money wisely.

5 steps to creating a sustainable security culture

Even if you’ve never given cyber crime more than a passing thought, the fact that you’re reading this right now means you’re on the way to creating a culture of security. Even small changes, like ensuring your team do some basic training on how to recognise a phishing email, can go a really long way towards making your business more secure. It’s going to take time for it all to filter through and become second nature, but with the right procedures and attitudes in place, you’ll get there.

1. Instill a sense of ownership

It’s common for people to think that cyber security is someone else’s problem: “Nah, it’s not up to me, it’s the IT guy’s job!” While it’s true that your IT provider should be taking overall responsibility for security tech and monitoring your system for suspicious behavior, that doesn’t mean the buck stops with them. A security culture is for everyone and adhering to the rules should be non-negotiable.

2. Provide the right training

As a general rule, people want to do the right thing – the vast majority of in-house data breaches stem not from malicious intent but from a lack of education. Simply sticking posters up around the office isn’t enough – they’ll become part of the furniture and get ignored. It’s important to assess everyone’s awareness of internet security and start with the very basics if necessary.

3. Use mistakes as an opportunity to grow

Even the most organised organisations have their off days. Instead of trying to brush things under the carpet, use slip-ups as a learning opportunity and build them into your risk assessment. No need to name and shame the individuals involved, but things like lost mobiles and accidental link clicks can become great teaching moments.

4. Implement a Secure Development Lifecycle (SDL)

An SDL is a set of processes and activities that organisations need to perform to keep their data and systems safe. It includes risk assessments and threat modelling, security patches, password management, upgrades and ongoing monitoring. If this all sounds like just another onerous task, the good news is that a reliable IT service provider will be more than happy to talk you through it.

5. Reward good behavior

It’s great if you’re in a position to offer perks for doing cyber security training and following good practice, but that’s not always possible. A simple thank you never goes amiss. And employees who go above and beyond to make cyber security a priority can perhaps be given roles like “security ambassador” or be featured in your company newsletter. Creating a culture of cyber security is good for everyone. It provides team members with opportunities to grow and learn, and gives both employees and customers peace of mind that their valuable data is being taken care of.

IT Support for Small Businesses

What technology may or may not mean for the future has always been something of a contentious subject. A scant few decades ago, while the very idea of a computer in every home was something out of science fiction, received wisdom was still that advances in technology would lead to more leisure time as the “robots” did all the onerous jobs we didn’t want to do ourselves. Of course, this latter prediction has singularly failed to come to pass, but in terms of personal computing, in an age in which increasing numbers of people are bypassing the home computer stage entirely and there is instead a computer in every hand, pocket and car, our reliance on computer technology has increased exponentially.


If your car breaks down, for example, you are just as likely to need someone with specialised computer know-how as you are someone with years of experience under the hood. Which is why, of course, more and more mechanics are expanding their skill sets beyond the traditional world of spanners and oil changes.


Nowhere is this more true than in business, especially the small business sector where you are less likely to have a complete specialist team on-site to deal with your problems. Which is where we come in. At Ghost Services, we are that complete specialist team. Over 300 organisations in the Essex, Hertfordshire and Cambridgeshire regions trust us to handle their storage, security and support services requirements.


Whether it’s on an ad hoc basis whereby we react to your individual crises as and when they occur via a system of tickets, or on a more permanent, contracted basis, we will act to immediately resolve any business-critical problems that may arise and ensure the smooth running of your operation. If contracted, we will effectively become your IT department, and with our experience and expertise, we will deal with the bits and bytes for you while you concentrate on making the pounds and pennies.

Contact us today on 01279 800039, or fill in our online contact form and we will come up with a quote for you, with no obligation to buy – or visit our website.