Security-consciousness is more natural for some organizations than others. For certain industries, like finance or data management, it is almost ‘built-in’… but, all companies are a target for data breaches and ransomware, and employees are a primary entry-point for hackers, so how mindful your people are of security risks is increasingly important. The traditional response to this has been a one-and-done end-user training. A deeper avenue is to equip your employees with an awareness of the risks, and the behaviours to mitigate them but if they aren’t motivated to comply, this can fall flat. So, how do you create a work culture that is security conscious, when you are not in an industry where it is already ‘built-in’?
The answer will require collaboration across multiple teams, top-down and bottom-up tactics, and making the solutions you implement both visible, and pervasive. Below are five considerations for building a security-conscious work culture.