How to Make Security an Ingrained Part of Your Culture

Your staff are your first line of defense when it comes to protecting your organization from cyberthreats. Human error is one of the single biggest culprits behind cyber-attacks. It comes down to someone falling for a phishing scam, clicking an unknown link or downloading a file without realizing that it’s malicious.
Because your team is so critical to protecting your organization from cyberthreats, it’s just as critical to keep your team informed and on top of today’s dangers. One way to do that is to weave cyber security into your existing company culture.

How Do You Do That?

For many staff, cybersecurity is rarely an engaging topic. In truth, it can be dry at times, especially for people outside of the cyber security industry, but it can boil down to presentation. RoundTable has years of experience with transforming cybersecurity from a geek-speak tech session to a fun, engaging experience. Our 5th annual Best Free 1-Hour Cybersecurity Training Ever covers the topics your staff need to understand so that they can make cybersecurity practices part of their normal workday.

Bring It Home For Your Team. One of the reasons why people are often disconnected from topics related to cybersecurity is simply because they don’t have firsthand experience with it. This is also one reason why many small nonprofits and small businesses don’t invest in cybersecurity in the first place – it hasn’t happened to them, so they don’t think it will. Following that logic, why invest in it at all?

The thing is that it will eventually happen. It’s never a question of if, but when and how bad. Cyber threats are more prevalent and more severe than ever. Attacks against nonprofit organizations are on the rise. We hear stories regularly about millions of people having their personal data stolen. Unfortunately, it’s all too easy to find examples that your staff can relate to, names they are familiar with, and discuss the damage that’s been done.

If possible, bring in personal examples. Maybe you or someone you know has been the victim of a cyber-attack, such as ransomware or a data breach. The closer you can bring it home to your employees, the more they can relate, which means they’re listening.

Collaborate With Your Employees. Make cybersecurity a regular conversation with employees. Create an environment where it’s not just OK to be extra careful and verify -- it’s encouraged and praised.

Part of that can include transparency and discussion about cybersecurity. If Julie in accounting received a phishing email, talk about it. Bring it up in the next weekly huddle or cross-organizational meeting. Talk about what was in the email, show it to people and point out its identifying features. Do this every time a new or particularly curious phishing email reaches one of your staff.

Maybe Amir received a mysterious email and made the mistake of clicking the link within that email. Talk about that with everyone, as well. It’s critical to make sure this is NOT about calling out Amir. It’s about having a conversation, learning from the experience and reminding staff that it could happen to anyone. The focus should be on educating and filling in the gaps. Keep the conversation going and make it a normal part of your company’s routine. The more you talk about it and the more open you are, the more it becomes a part of the company culture.

Keep Things Positive. Coming from that last point, you want employees to feel safe in bringing their concerns to their directors or managers. While there are many cyberthreats that can do serious damage to your organization (and this should be stressed), it is essential to create an environment where staff are willing to ask for help and are encouraged to learn more about these issues. Creating a positive, educational, collaborative environment is the best way to make cyber security a normal part of your organization’s culture.

Plus, taking this approach builds trust, and when you and your team have that trust, it becomes easier to tackle issues of data and network security – and to have necessary conversations.

Need help creating a cyber security company culture that’s positive? Don’t hesitate to reach out to RoundTable. We can help you lay the foundation for educating your team and ensure that everyone is on the same page when it comes to today’s constant cyberthreats. And check out our free Best 1-Hour Free Cybersecurity Training and share the training with your entire staff.
