How to Cultivate a Cyber Risk-Aware Culture in Your Organization
Believe it or not, your employees can potentially expose your organization to huge amounts of cyber risk — whether it’s carelessly handling sensitive data, succumbing to phishing attacks, or password mismanagement — most data breaches directly or indirectly all point to user awareness issues.
Apart from the longer-term damage to the company’s reputation, which could result in lost customers and regulatory fines, data breach may cost your organization millions of dollars in credit monitoring fees to customers and employees.
Creating or changing a culture doesn’t happen overnight. It takes time and needs a holistic approach that must be consistent and varies according to the organizational setup.
Here are several measures to cultivate a cyber-risk culture in your organization:
Leaders model ideal behavior for their organization, and employees look to company leadership to set expectations for cyber risk management. Leaders must signal to employees that cyber risk management is a top priority if they want employees to adopt cyber risk-aware practices.
Organizations should require regular-interval cyber training and emphasize the importance of desired cyber behaviors in new hire and other learning events, including inclusion of non-traditional creative learning experiences such as microtraining, gaming, and mobile delivery.
Organizations can make use of the Human Resource Department to deliver regular internal communications through multiple channels (not just email) to tailor to diverse corporate audiences (e.g., text messages, printed material, videos, and collaboration platforms).
A cyber risk-aware culture encourages and challenges employees to think “cyber” when the unexpected happens. Rather than attributing a mysterious event to an anomaly or hoping it won’t happen again, employees with a cyber risk-aware culture are more likely to report and escalate unknown events. “If you see something, say something.” A cyber risk-aware culture exists when an organization’s values and the behaviors of its leaders and employees collectively and actively support the enterprise-wide cyber risk management strategy.