From Risky to Resilient: Improving your Workplace Cyber Culture

Sep 29, 2020

In some of our recent blog posts, the Resilience team has written about the most common threat vectors at work as well as ways to make sure you and your team maintain your cybersecurity. But one of the best ways to maintain cybersecurity is by creating a culture of cyber resilience in your workplace. Today we’ll share 5 tips from our own team for making sure your workplace has a cyber secure culture in place – and has the tools to maintain that culture in the face of risk.

1. Keep your cybersecurity protocols up to date and be transparent with changes

We’ve said it before and we’ll say it again – a clear and transparent cybersecurity protocol and policy is the first step towards both a culture of cyber resilience and actual protection in your workplace. Helping your employees understand what is expected of them (and when!) will give them the tools and the confidence they need to be partners in security, and will give management the tools they need to enforce policies. Providing your entire team with guidelines will help everyone know how to move forward in a new secure world.

“Having clear processes for our employees has always been my first line of defense for any company. Most team members want to be helpful but aren’t sure where or how to help. Give them guidelines they can follow, keep them up to date, and explain WHY all procedures and tools are in place. Make them feel like you’re all in this together.” – Dr. Ann Irvine

2. Provide education and training around cybersecurity and risk

We all know cybersecurity can be daunting when you’re just starting out. Consider providing your employees with regular updates on the cybersecurity landscape, threat vectors, etc., as well as what these things mean for them and your company. Give new team members access to a glossary and make security training a part of your onboarding (include those protocols!) so that every employee starts on the same foundation.

“I’m in the cybersecurity industry and I have trouble keeping up with the changes! Here at Resilience, we’re constantly sharing news and updates with each other. In fact, we have a Slack channel dedicated to it. Educating your team is a gift when it comes to protecting your organization.” – Jenny Shears-Teixeira

3. Identify key team members who can be cybersecurity leaders

As you continue to build out your cybersecurity protocols and educational program, consider including more of your team. Identify team members who have an inherent interest in cybersecurity in departments outside of the C-suite and deputize them to be leaders themselves by including them in your training program or asking employees to go to them with security concerns. Give them the tools they need to help your organization be successful and show your larger team that cybersecurity is a job for everyone.

“A lot of organizations only include leadership or C-level employees in their security team but this is a missed opportunity. You likely have folks throughout the organization who are already interested in cybersecurity and who can serve as role models for others. Tapping into your team is the best way to build a culture of resilience from the ground up.” – Davis Hake

4. Welcome (and even reward!) questions

And while you’re at it – make sure to both encourage and welcome questions from your team. Many employees may feel embarrassed or sheepish about their security questions, but creating a culture of cyber resilience means creating a culture of transparency and openness about both cybersecurity and threats. When it comes to identifying risks, it’s better to be overcautious – by flagging some concerns that turn out to be benign, you’re ensuring that you’re catching most of the legitimate ones.

“I can’t count how many companies I’ve seen take a punitive route when it comes to security. But that only serves to instill fear in your employees. You’ll get a whole team full of people afraid to ask questions or bring up concerns. When it comes to risk, you want to welcome questions and encourage your team to voice their concerns – it’s the only way to address threats before they become a real problem.” – Harry Langdale

5. Recognize team members who are doing it right

Lastly, a great way to reinforce the culture of cyber resilience once you’ve built it is to recognize and reward those members of your team who are contributing in the way you’d like. Rather than punish those who aren’t quite living up to the ideal, use your key players to model the behavior you want to see. Reinforcing good behavior also reinforces the positive, transparent culture you’re trying to build and the open, welcoming atmosphere that you’re hoping to achieve.

“I can’t agree more with Harry. Encourage your employees to ask questions and really, reward the team members who are doing it right. Ideally you’ve set your guidelines down and you know who is following them. Call them out and show the rest of your team that you’re serious about this.” – Emy Donavon

Threats to cybersecurity can be overwhelming, but creating a culture of cyber resilience doesn’t have to be scary. By putting the right mechanisms in place early and maintaining them, you can help your team understand that cybersecurity is part of everyone’s job and move your organization forward when it comes to preventing risk. A few small steps now can pay off big in the future.
