How to create a cyber security culture in your business

No business wants to see its name in the headlines when the next cyber security breach story breaks. However, with the never-ending advancements in workplace technology, unfortunately, no company is immune from being targeted. Which is why you need a cyber security culture.

While it’s imperative for businesses to take the necessary steps to reduce an organisation’s vulnerability, they also need to make appropriate adjustments early enough to protect internal resources and their customers.

Spread the word

Cyber security shouldn’t be seen as an ‘IT department thing’; it’s everyone’s responsibility to the business. Culture is the operating system of every organisation so having total employee buy-in is essential to achieve success.

Ensure all employees at all levels are on board with your cyber security strategy. This is critical. As a starting point, regularly provide employee training on the best I.T. and security practices and then check staff are following through with what’s been taught.

Try to make the training relevant to employees’ lives outside the organisation and show them how to use this information to protect their personal online lives as well. This will resonate far more effectively.

Know your third parties

You may feel safe knowing your own internal systems are secure, but there’s no end to major cyber breaches which have originated from third-party suppliers.

However, research has shown when companies evaluate the security and privacy policies of all suppliers, the likelihood of a breach falls from 66 percent to 46 percent. So, a key focus should be making cyber security a central part of the decision and contract signing process when forming new partnerships.

Once you’ve established which vendors will have access to the most sensitive data, you can use a  variety of methods to boost security measure between all parties. For example; you could discuss the option of regular vendor self-assessments or ask them to purchase specific cyber insurance.

If your company or an external supplier experiences a data breach, it’s important to create an intelligent response plan outlining the potential scenarios and business impact both companies could face.

It’s imperative to prioritise the critical systems you’ll need to keep online and to have a strong communication plan in place so you can inform other partners, customers and the public of any security issues, in a timely and sensitive manner.

Process perfection

With GDPR soon coming into force, security and privacy should be at the heart of all your internal processes and updated according to the new regulations, if it hasn’t already been done. However, with today’s employees regularly connecting personal devices to corporate networks or using company phones and laptops for remote working, it can be tricky to implement these practices.

Set out some internal guidelines for all staff to follow and ensure you provide regular training on these protocols, so all staff are aware of any changes in regulations or internal requirements. This should improve self-management, strengthen protection against external attacks and promote accountability across the business at all levels.

Another issue is the access employees have to particular files and information. Putting a monitor in place and limiting the availability of specific data, will make it easier to track viewing privileges and where and how that information is being used.

Customer interaction

Creating a better cyber security culture extends to your customer base too. You must ensure you’re being completely transparent and honest with your customers to gain their trust.

If your organisation is facing a cyber-attack or data breach, you should inform all customers immediately. They will need to know what has happened, what they can do to protect themselves and what you will do in the future to prevent this from re-occurring.

Make sure you to try to reach as many customers as quickly as possible by sending out emails, text messages or social media updates. You could even place a prominent, temporary banner on your website’s homepage letting customers know an incident has occurred.

Encourage customers to re-confirm their preferences once the breach has been resolved and try to compensate any victims as much as reasonably possible, to show customers you are aware of how they feel and they are a priority for your business.

The moral of the story is all workers have a role to play in the success or failure of a business and this principle extends to cyber security too. Implementing processes that are both comprehensive and resilient will help to limit damage from breaches or attacks, speed recovery, enhance customer satisfaction and create a stronger, more-informed business culture.

By Adam Louca, Chief Technologist- Security, Softcat