As you know, we love the work we do around security awareness, behaviour and culture, and we want you to as well! A positive attitude to cyber security awareness is central to behavioural and cultural change in any organisation. In our approach, we recognise that something so simple as recognition can be hugely powerful in enabling an organisation to develop and maintain its security awareness program.
What do we actually mean when we say an organisation needs to have a positive security culture? Well, as Jess explains in this
an organisation's culture has a big impact on its performance; this can be everything from market performance to staff retention. Your organisational culture is a reflection, and reinforcement, of the behaviours that are acceptable and normal, therefore if you have a positive security culture, you’re more likely to see engagement in good practice, individuals reporting incidents and actively engaging with awareness raising training. You've got to love that, right?
However, unfortunately it's taking a lot of organisations a while to catch up, with the many continuing to report on negative statistics that highlight a culture of fear. What these organisations don’t realise is that by showing people some love and celebrating those who do demonstrate the correct behaviours, (through the power of recognition!) you’re more likely to reduce your cyber risk, and create a positive security culture across the organisation. This is due to the phenomenon of social proof. People will model their behaviours based on how others act. If others are seen to be given positive recognition, this is something most people will strive to obtain themselves.
Recognition from peers is hugely influential, but recognition from senior management, that’s a different ball game! It’s important that during the development of your security awareness program you engage with senior management, as they can help in two particular aspects: provide recognition to individuals who are contributing to developing a good security culture and, the more you actively communicate the success of your programme, the more likely you are to gain their long-term support. Give yourself the opportunity to be recognised for your hard work.
This isn’t a new approach to us at Cygenta, but it’s something we are passionate about. We fundamentally want to enable organisations to develop and maintain a positive security culture through the empowerment of their teams.
I’ll be talking at Cyber Cheltenham (CyNam) on the 5th March, where the theme is 'The Human Element'. I’ll be discussing how a human sensor network in an organisation empowers individuals to identify and report security issues, and the role of security champions in this. Expect a fresh perspective on security awareness and culture with a focus on positive security behaviours.
Whether today is Valentines day, Galentines day or just another Friday for you, make sure you show those you care about some recognition, it can go a long way, trust us!
With love, Cygenta.