How your approach to corporate culture can keep your information secure

How your approach to corporate culture can keep your information secure


Words by Aaron Stafford
Reading time 2 min

It’s often said, ‘people are the weakest link in cybersecurity’. I get that and I agree that we must seek to minimize human-related threat vectors. But I believe that if we view our people, our teammates, as our greatest security asset, then we start from a position of strength.

work from home security

I focus on two things when creating a secure organization that works effectively both in-office and from home: technology and culture. Both are important, both require resources. For many organizations, COVID-19 rendered void two key resources; a secure office network and time. Understandably this applied extraordinary pressure on IT and infosec teams; creating new priorities and pressurizing any in-flight initiatives, security, or otherwise.

The technical controls that keep information confidential, trustworthy and available aren’t the focus on this discussion. Briefly speaking though, we find that zero (technical) trust, least privilege and assume-breach are useful principles upon which to base our technical decisions.

They say the bad guys need only get it right once; but the good guys? They’ve got to get it right every time. What better way to maximize your chances of getting it right than by fostering a culture where everyone feels they’re an active part of the company’s infosec efforts? Here are three simple steps that can help:

  1. Communication: Regular company-wide messages from senior infosec leadership can demystify infosec and communicate that we’re in this together. Key information to share: topical infosec news, advice on staying safe and how infosec measures are always a balance between friction and control. Don’t restrict information to work-only. Don’t forget to share personal infosec tips too. Demonstrate that the need for security doesn’t end at five o’clock, and neither does your friendly infosec team and their desire to help.
  2. Encourage participation: When it comes to infosec, there really is a them and an us: There really are people trying to do bad things with our information, so communicating that we’re all active members of the infosec team is helpful. Encouraging everyone to play their part and reach out; to ask questions, share their concerns and what they’ve seen significantly increases the number of eyes on the lookout and bolsters the perimeter with active, rather than passive participants.
  3. Responsiveness: When people engage, then welcome it, act on it, and follow up. Even if the intel proves to be irrelevant, be grateful that someone took the time to reach out and tell them so. Over time, word gets around that infosec team isn’t just words of encouragement, but fellow teammates who, like anyone else, benefit from some help.

This simple communications approach spurs cultural change; it changes perceptions, and perception influences behavior. When message and action are applied consistently and across the business, then it becomes ‘normal’ for each individual to take part in everyday information security, regardless of the day job.

My company’s infosec team has about 1,600 people in it. How about yours?



Aaron Stafford

Aaron Stafford

Chief Technology Officer

Did you liked what you’ve just read?

Make sure to check out our products.

See our products

High 5: A conversation with Wassi Arambatzis.

Interview Read more

High 5: A conversation with Wassi Arambatzis.

After 23 years in the CX industry, there are few places left in the world that Wassilios (‘Wassi’) Arambatzis hasn’t yet signed a CX transformation deal or opened up a new market for international expansion.

So when it was announced that he was joining 5CA in the newly-created role of Chief Growth Officer, we wanted to sit down with him and find out what makes this man tick. And who better to shoot the breeze for our new High 5 series with Wassi than our very own VP of Marketing, Marlon Heckman.

Interview Read more

How a solid relationship between CX and brand strategy can superpower your start-up.

Expert digital strategist Marlon Heckman knows a lot about how start-ups and scale-ups can see epic growth with great CX. As someone who’s worked with a range of companies, from McKinsey to MTV, we wanted to pick his brain on why strategy and CX are the perfect partnership for an impactful start-up.

Insight Read more

5CA Conversations with… Pascal Debroek – The PX Hub

At 5CA we’re obsessed with great CX as well as the people who help to shape it. In our new ‘Conversations’ series we sit down with some of the most passionate, interesting people in our industry to talk about what makes for standout customer experience. To kick off our series, our very own Rory Stark is here in conversation with Pascal Debroek.

Blog Read more