
Building a Culture of Cybersecurity Accountability By Corey Nachreiner, CSO at WatchGuard

Seven top tips to create a culture of cybersecurity accountability

Effective cybersecurity comes down to getting the basics right: patching, updating, not clicking on suspicious links or attachments, and following best practices for using applications and systems. But sometimes this knowledge just resides within the network admin and cybersecurity teams, creating a wider company culture that’s susceptible to attack – rather than a culture of accountability.

  1. Start with leadership

A successful cybersecurity culture starts with the executives. The leadership team is where an organisation looks for guidance. Not only will they have to approve any resource and budget you need for your programme, but they need to set an example and help spread the cybersecurity message. This could include time spent discussing cybersecurity during companywide meetings, executive views on upcoming training, or a quarterly award for the best cybersecurity practices. Leadership buy-in shows cybersecurity goes beyond the company’s security team.

  2. Define the mission and what’s at stake

While you don’t want to spread fear, uncertainty, and doubt (FUD), it is crucial to share the importance of cybersecurity. Spend time discussing the mission of your cybersecurity team and how it supports your business. Use real-life examples to illustrate the reality of today’s cyber risk; make them more impactful by including data and industry stories that show the real-life harm that attacks have inflicted on companies. If you spend time sharing why your team creates security policies, employees will be more willing to follow them.

  3. Be honest and transparent using plain language

Security centres around trust. The best way to establish trust is via honesty and transparency. Using plain language to convey messages that any employee can follow is the best way to build a rapport within your organisation. You won’t impress your co-workers by using obscure industry lingo or terminology.

  4. Explain why cybersecurity awareness matters

While your mission is to secure your organisation, the same cybersecurity culture you instil in employees will also help them at home. Cyber threats are ubiquitous and have affected home users as much as corporations. Make sure employees know the practices they follow at work will serve them well in their personal lives too.

  5. Make training fun, engaging and rewarding

While cybersecurity is a serious topic, that doesn’t mean it has to be boring. The best education programmes encourage an engaging learning atmosphere. Focus on audience interaction and reward individuals who do the right things or engage the most. Cybersecurity culture will develop much faster with a carrot, not a stick. Everyone makes a difference, as an organisation’s security is only as strong as its weakest link. With many attacks preying on individual human factors, even the most basic roles can make a big difference.

  6. Create a positive atmosphere

Everyone messes up sometimes. Punitive actions for mistakes will not drive behavioural change, at least not for long. Focus on constructive criticism and more positive communication methods. Make sure your organisation knows you provide a safe way to learn from mistakes or failure.

  7. Finally, welcome feedback and help

Cybersecurity culture should not be a one-way street. Communication needs to flow both ways and across the entire organisation. Create an information security council that includes stakeholders in all departments, not just IT and security. This conveys the belief that everyone’s feedback matters. Make sure employees know you have an open-door policy where everyone’s feedback and input make a difference. Start a suggestion box. Not only might you get amazing ideas from team members outside traditional security roles, but people are much more likely to adopt your mission if they feel they have contributed to it.

Now, more than ever, companies in all industries of all sizes must adopt a cybersecurity policy. One of the best and most effective ways to do this is by curating a healthy organisation-wide cybersecurity culture.

The list doesn’t stop with the seven points above. Additional tips and tactics include making your security mission personal to employees, helping your organisation understand cybersecurity is a team sport, and appointing someone with accountability for the cybersecurity programme to help drive it. However, starting with the tips above will help you build a cybersecurity culture that will stick within all levels of your organisation.


Technology Reseller Magazine & Site is Published by Kingswood Media 2022