5 steps to creating a sustainable security culture

Even if you’ve never given cyber crime more than a passing thought, the fact that you’re reading this right now means you’re on the way to creating a culture of security. Even small changes, like ensuring your team do some basic training on how to recognise a phishing email, can go a really long way towards making your business more secure. It’s going to take time for it all to filter through and become second nature, but with the right procedures and attitudes in place, you’ll get there.

1. Instill a sense of ownership

It’s common for people to think that cyber security is someone else’s problem: “Nah, it’s not up to me, it’s the IT guy’s job!” While it’s true that your IT provider should be taking overall responsibility for security tech and monitoring your system for suspicious behavior, that doesn’t mean the buck stops with them. A security culture is for everyone and adhering to the rules should be non-negotiable.

2. Provide the right training

As a general rule, people want to do the right thing – the vast majority of in-house data breaches stem not from malicious intent but from a lack of education. Simply sticking posters up around the office isn’t enough – they’ll become part of the furniture and get ignored. It’s important to assess everyone’s awareness of internet security and start with the very basics if necessary.

3. Use mistakes as an opportunity to grow

Even the most organised organisations have their off days. Instead of trying to brush things under the carpet, use slip-ups as a learning opportunity and build them into your risk assessment. No need to name and shame the individuals involved, but things like lost mobiles and accidental link clicks can become great teaching moments.

4. Implement a Secure Development Lifecycle (SDL)

An SDL is a set of processes and activities that organisations need to perform to keep their data and systems safe. It includes risk assessments and threat modelling, security patches, password management, upgrades and ongoing monitoring. If this all sounds like just another onerous task, the good news is that a reliable IT service provider will be more than happy to talk you through it.

5. Reward good behavior

It’s great if you’re in a position to offer perks for doing cyber security training and following good practice, but that’s not always possible. A simple thank you never goes amiss. And employees who go above and beyond to make cyber security a priority can perhaps be given roles like “security ambassador” or be featured in your company newsletter.

Creating a culture of cyber security is good for everyone. It provides team members with opportunities to grow and learn, and gives both employees and customers peace of mind that their valuable data is being taken care of.