How IT Execs Can Foster a Culture of Digital Safety
- Shannon Flynn
Cybercrime today is at an all-time high. Businesses suffered 50% more cyberattack attempts per week in 2021 than in 2020—and up to 93% of company networks can’t stop cybercriminals from infiltrating them.
As teams rely more on the internet of things (IoT), SaaS, and the like, this already troubling landscape will likely only worsen.
The rapid shift to hybrid workspaces has led to a massive uptick in vulnerabilities. Most of the time, remote workers don’t operate on as secure a network, and they don’t have access to the same human and technical resources as they would in the office.
In this distributed work environment, the responsibility of digital safety falls to everyone.
In-office IT staff can no longer keep everyone else safe by themselves. With hybrid work comes more autonomy, including independence when it comes to cybersecurity tools and practices.
Workers are increasingly responsible for their own security, but as IT professionals know, users are a system’s weakest link.
With the average cyberattack costing upwards of $4 million and workplaces becoming more distributed, cybersecurity must be a company-wide effort. Companies need to foster a culture of digital safety, and that falls to those in management positions.
Here’s how IT execs can foster a culture that prioritizes digital safety.
Create a Clear Cybersecurity Policy
The first step in creating a culture of cybersecurity is creating a clear policy. This will make best practices and company-specific guidelines easier to understand and follow.
Psychology research teaches that repeated actions gradually become habits over time.
Consequently, your policies should focus on repetitive behaviors so that, after enough time, best practices will become second nature.
Regular, scheduled password changes are an excellent example of a policy that reduces risks while reinforcing good habits.
Another crucial policy is immediate communication about any potential threats, glitches, unusual activity, or questions. Open communication will make cybersecurity a natural part of workplace behavior.
Management should also go over these policies with new hires during onboarding and look for digital safety-minded employees to hire.
Remember to enforce policies fairly and consistently to reinforce their importance.
Integrate Digital Safety into Training
Digital safety training courses will also help make security a natural reaction and not something workers have to think about first.
IT leaders should hold regular sessions on spotting phishing attempts, password management, handling confidential data and, for remote employees, VPN usage and network segmentation.
This training should include company-specific needs. IT execs can find these by reviewing security incident histories to look for trends. Any frequently targeted vulnerabilities or repeated mistakes deserve attention in employee training.
When Yahoo built a culture of cybersecurity, it found measuring results was essential to successful training. After training employees, you should test them to reinforce practices and see how impactful the session was.
For example, after a social engineering training session, IT could simulate a phishing attack to assess how employees apply what they’ve learned, then hold a post-mortem session to go over what they did right and wrong.
Remember: this isn’t a one-and-done process. Training and assessments should regularly go over the same topics to reinforce key ideas and measures.
Gamification can make these more interesting, make the lessons more likely to stick, and motivate employees. Create a spirit of competition or offer rewards to increase engagement.
Lead by Example
IT management must also lead by example. If employees see their company’s cybersecurity leaders ignoring best practices, it’ll undermine the impact of any training sessions.
Workers won’t have much motivation to follow the recommended digital safety practices.
Leading by example increases commitment to the organization, which will motivate employees to be safe.
Without that commitment, workers may not care enough about the business to take the time to protect it. They could become complacent, leading to risky behavior and poor cyber hygiene.
IT leaders should go above and beyond company security policies to model ideal behavior. Others in the workplace may not match their effort level, but if they fall short, they’ll still meet company standards.
When IT management does this, they can also point to their own actions as examples during digital safety training sessions.
Leaders Must Play a Bigger Role in Cybersecurity to Ensure Digital Safety
Cybersecurity is a matter of building a culture around digital safety, and company culture starts at the top. If tech leaders hope to secure their organizations, they must influence company-wide behaviors.
IT management should work with other departments, applying their expertise to secure the organization.
Tech experts can provide the technical details of what needs to be done, and others—like HR cybersecurity experts—can translate that into policies and training that stick with employees.