Developing a Culture of Security  

Shaun Bertrand
October 22, 2024

In the interest of moving beyond conventional security awareness training (SAT) guidance, it’s essential to treat employees as responsible adults capable of making informed decisions. By empowering individuals to assess risks, make sound choices, and respond effectively to potential threats, we can develop a culture of security within an organization that goes beyond traditional mechanisms. Let’s review some concepts for developing that culture.

Recommendation 1: Leadership Involvement  

Having leaders actively participate in cybersecurity initiatives, demonstrating their importance from the top down, is easier said than done. We have found success within our customer base by including various leaders, stakeholders, and board members in incident response (IR) tabletop exercises. Executives who take part in these exercises feel included and can provide significant value with their contributions. They also gain firsthand knowledge of the cybersecurity challenges that often do not make their way up the corporate food chain.

Now, if you’re struggling to even get IR tabletop exercises operationalized in your organization, use data that will resonate with the executives to your advantage. According to the recent 2024 Ponemon Cost of a Data Breach report, the average cost of a data breach for organizations in the United States has reached $4.88 million (a 10% increase from last year). Additionally, the report noted that organizations that conduct regular incident response exercises, including tabletop scenarios, can reduce their average breach costs by up to $1.2 million compared to those that do not engage in such preparedness activities.

Recommendation 2: Positive Reinforcement/Recognition Programs 

While I’ve often heard the narrative that “users are our weakest link,” I disagree with that statement. I view users as front-line troops on the battlefield. They are dealing with advanced phishing attacks that even the most educated users would have challenges identifying. Rather than treat them as our weakest link, we need to empower them through more effective training and positive reinforcement programs. 

One way to accomplish this is through recognition programs. By establishing incentives for employees who identify potential security threats or actively contribute to enhancing security measures, we are effectively embedding cybersecurity into the organizational culture. This approach advances a more proactive mindset among employees, encouraging them to take ownership of security practices and integrate them into their daily routines. As a result, cybersecurity becomes a shared responsibility across all levels of the organization, promoting a safer and more resilient environment against potential threats.

Another suggestion is to promote the importance of open communication. We should encourage employees to report suspicious activities without fear of repercussions, fostering a culture of vigilance.  

Recommendation 3: Gamification 

Who doesn’t like a good game that provokes learning and a sense of accomplishment? We’ve found that the majority of our customers’ employees have benefited from gamification in cybersecurity awareness and training.

One of the more reputable SAT vendors, KnowBe4, utilizes gamification techniques to enhance user engagement. It features interactive modules and phishing simulation campaigns that reward users for their achievements, making learning both fun and effective.

Taking this concept a step further, we’ve seen some of our customers combine recognition programs and gamification strategies by offering incentives. Many of our customers offer employees who overachieve in these areas free corporate swag, gift cards, recognition during all-hands meetings, and, in some cases, even free PTO days or a “get out of work early” card.

Conclusion

Nurturing a culture of cybersecurity within an organization is essential for enhancing resilience against evolving threats. Leadership involvement in initiatives, combined with positive reinforcement and recognition programs, empowers employees to take an active role in safeguarding their environment. Additionally, incorporating gamification into training can make the learning experience more engaging and effective.  

Ultimately, by embedding cybersecurity into the organizational culture, companies can cultivate a proactive workforce equipped to navigate the complexities of the digital landscape, ensuring that security becomes a shared responsibility across all levels. This Cybersecurity Awareness Month, let us commit to these strategies to create safer workplaces for everyone. 

Ready to take the next step? Schedule a consultation with our cybersecurity experts today to assess your current security posture and explore tailored solutions that can safeguard your future. Let’s work together to secure your world.

References

https://www.ibm.com/reports/data-breach
