How your approach to corporate culture can keep your information secure | 5CA

How your approach to corporate culture can keep your information secure

It’s often said, ‘people are the weakest link in cybersecurity’. I get that and I agree that we must seek to minimize human-related threat vectors. But I believe that if we view our people, our teammates, as our greatest security asset, then we start from a position of strength.

How your approach to corporate culture can keep your information secure

How your approach to corporate culture can keep your information secure

Blog

Words by Aaron Stafford
Reading time 2 min

It’s often said, ‘people are the weakest link in cybersecurity’. I get that and I agree that we must seek to minimize human-related threat vectors. But I believe that if we view our people, our teammates, as our greatest security asset, then we start from a position of strength.

work from home security

I focus on two things when creating a secure organization that works effectively both in-office and from home: technology and culture. Both are important, both require resources. For many organizations, COVID-19 rendered void two key resources; a secure office network and time. Understandably this applied extraordinary pressure on IT and infosec teams; creating new priorities and pressurizing any in-flight initiatives, security, or otherwise.

The technical controls that keep information confidential, trustworthy and available aren’t the focus on this discussion. Briefly speaking though, we find that zero (technical) trust, least privilege and assume-breach are useful principles upon which to base our technical decisions.

They say the bad guys need only get it right once; but the good guys? They’ve got to get it right every time. What better way to maximize your chances of getting it right than by fostering a culture where everyone feels they’re an active part of the company’s infosec efforts? Here are three simple steps that can help:

  1. Communication: Regular company-wide messages from senior infosec leadership can demystify infosec and communicate that we’re in this together. Key information to share: topical infosec news, advice on staying safe and how infosec measures are always a balance between friction and control. Don’t restrict information to work-only. Don’t forget to share personal infosec tips too. Demonstrate that the need for security doesn’t end at five o’clock, and neither does your friendly infosec team and their desire to help.
  2. Encourage participation: When it comes to infosec, there really is a them and an us: There really are people trying to do bad things with our information, so communicating that we’re all active members of the infosec team is helpful. Encouraging everyone to play their part and reach out; to ask questions, share their concerns and what they’ve seen significantly increases the number of eyes on the lookout and bolsters the perimeter with active, rather than passive participants.
  3. Responsiveness: When people engage, then welcome it, act on it, and follow up. Even if the intel proves to be irrelevant, be grateful that someone took the time to reach out and tell them so. Over time, word gets around that infosec team isn’t just words of encouragement, but fellow teammates who, like anyone else, benefit from some help.

This simple communications approach spurs cultural change; it changes perceptions, and perception influences behavior. When message and action are applied consistently and across the business, then it becomes ‘normal’ for each individual to take part in everyday information security, regardless of the day job.

My company’s infosec team has about 1,600 people in it. How about yours?

Aaron Stafford

Chief Technology Officer

Like what you just read?

Check out our services.

Learn more
Top Customer Support Challenges - Blog cover

The Top Challenges Customer Support Leaders Face Today

Blog Read more
Technology Blog Cover Image

Emerging Technology and AI Trends Shaping the Future of Customer Service: a 5CA Perspective

Staying updated on technological advancements is essential for customer service professionals navigating the rapidly evolving field of automation and AI. At 5CA, we’re committed to integrating innovative solutions into our services while exploring the future of AI-driven customer experiences.

Blog Read more
Cybersecurity

October Wrap-Up: Every Month is Cybersecurity Month at 5CA

As we have closed out Cybersecurity Month, I wanted to take a moment to reflect on the critical importance of this initiative for us as a company and for all of us as individuals.

Blog Read more