The key to a sustainable security culture: Your workforce
Security must be a community effort, especially with a remote or hybrid workforce
August 31, 2021 | By Gerard Lendore
In a sustainable security culture, security belongs to everyone—not just those with “security” in their job title. How can you build a sustainable security culture and become more resilient? By turning your workforce from a risk to a security asset. Let’s dive in.
The human factor in security
Your security is only as strong as your weakest point—where your security team has the least control. The human element is always the least controllable or predictable element in a security strategy.
To strengthen this area, every person in your company needs to be a security practitioner. When your employees are all in and security is treated as a community effort, your company becomes more resilient.
The challenges of securing a remote workforce
In the past, employees weren’t compelled to think about security because organisations typically had established security perimeters. While threats exist everywhere, there were certain dependable security elements at the office: the physical security within the office, a secure network and devices.
These security elements, likely taken for granted, disappeared once the pandemic forced people to work from home. Employees are more likely to have access to company information through personal devices. Work is being done through a home network. Who else is using that network?
Make security personal to everyone
Your effort to build a security culture won’t go far if your workforce continues to view security as a technical problem to be minded only by technical people. Employees won’t suddenly care more or do more about your company’s security posture without reason. To get each employee thinking about security in their day-to-day operations, make it personal to them. Don’t rely solely on scare tactics to get employees on board. Use security awareness training to help them see how security affects everything and everyone in the company.
No security question is too foolish
“If you see something, say something” only works if your employees feel empowered to say something. Cyberthreats like ransomware, malware and phishing use psychology, so we must factor psychology into building a security culture.
There’s a reason you still get spam calls: somebody out there is still falling for them. Phishing, malware and ransomware work because they cause panic. They compel a person to react immediately out of fear and isolation. Fight the panic with preparation. Fight the fear with education. Fight the isolation with community.
Make your security organisation a trusted resource by being available to answer questions—and teach your people that when it comes to keeping the business safe, there are no stupid security questions. Even creating a frequently asked questions guide on cyber hygiene can help. If you condition your workforce to take a moment and reach out when they are confused or encounter a potential cyberthreat, they—and your company—are less likely to fall victim to those threats.
Does your security strategy include building a culture where security is the cornerstone that enables your business?
Read more about how to bring security to the forefront in the TEKsystems Security Issue of Transform Your World.