How your approach to corporate culture can keep your information secure

How your approach to corporate culture can keep your information secure

How your approach to corporate culture can keep your information secure

Blog

Words by Aaron Stafford
Reading time 2 min

It’s often said, ‘people are the weakest link in cybersecurity’. I get that and I agree that we must seek to minimize human-related threat vectors. But I believe that if we view our people, our teammates, as our greatest security asset, then we start from a position of strength.

work from home security

I focus on two things when creating a secure organization that works effectively both in-office and from home: technology and culture. Both are important, both require resources. For many organizations, COVID-19 rendered void two key resources; a secure office network and time. Understandably this applied extraordinary pressure on IT and infosec teams; creating new priorities and pressurizing any in-flight initiatives, security, or otherwise.

The technical controls that keep information confidential, trustworthy and available aren’t the focus on this discussion. Briefly speaking though, we find that zero (technical) trust, least privilege and assume-breach are useful principles upon which to base our technical decisions.

They say the bad guys need only get it right once; but the good guys? They’ve got to get it right every time. What better way to maximize your chances of getting it right than by fostering a culture where everyone feels they’re an active part of the company’s infosec efforts? Here are three simple steps that can help:

  1. Communication: Regular company-wide messages from senior infosec leadership can demystify infosec and communicate that we’re in this together. Key information to share: topical infosec news, advice on staying safe and how infosec measures are always a balance between friction and control. Don’t restrict information to work-only. Don’t forget to share personal infosec tips too. Demonstrate that the need for security doesn’t end at five o’clock, and neither does your friendly infosec team and their desire to help.
  2. Encourage participation: When it comes to infosec, there really is a them and an us: There really are people trying to do bad things with our information, so communicating that we’re all active members of the infosec team is helpful. Encouraging everyone to play their part and reach out; to ask questions, share their concerns and what they’ve seen significantly increases the number of eyes on the lookout and bolsters the perimeter with active, rather than passive participants.
  3. Responsiveness: When people engage, then welcome it, act on it, and follow up. Even if the intel proves to be irrelevant, be grateful that someone took the time to reach out and tell them so. Over time, word gets around that infosec team isn’t just words of encouragement, but fellow teammates who, like anyone else, benefit from some help.

This simple communications approach spurs cultural change; it changes perceptions, and perception influences behavior. When message and action are applied consistently and across the business, then it becomes ‘normal’ for each individual to take part in everyday information security, regardless of the day job.

My company’s infosec team has about 1,600 people in it. How about yours?

Aaron Stafford

Chief Technology Officer

Did you liked what you’ve just read?

Make sure to check out our products.

See our products
How a solid relationship between CX and brand strategy can superpower your start-up

How a solid relationship between CX and brand strategy can superpower your start-up.

Insight Read more
How a solid relationship between CX and brand strategy can superpower your start-up

How a solid relationship between CX and brand strategy can superpower your start-up.

Expert digital strategist Marlon Heckman knows a lot about how start-ups and scale-ups can see epic growth with great CX. As someone who’s worked with a range of companies, from McKinsey to MTV, we wanted to pick his brain on why strategy and CX are the perfect partnership for an impactful start-up.

Insight Read more
5 key problems of remote work without a work from home strategy

4 reasons to implement a work from home strategy

Over the last year, millions have made the shift to WFH. Although benefits are aplenty, a fully remote workforce has its share of problems. But did you know you can overcome all of them with a solid work from home strategy?

Blog Read more