How are you currently fostering security as part of your corporate culture? BrightCoach CEO, Peter Ashworth, defines corporate culture as “the DNA that provides guidelines, boundaries and expectations for your team and your customers, and is the primary platform to inspiring and motivating people…” So what is the key to developing a positive corporate culture? Strong communication.
Impacts of a negative security culture
As a security manager, you are focused on implementing measures that will safeguard your staff. But you have to make sure that those measures are aligned with an overall culture that is centered around transparency and two-way communication. Why? If your staff isn’t on board with the security measures in place, they will fail to comply, resulting in “increased risk of security incidents and breaches, reputation and financial damage, …[and] potential harm to employees, customers and/or business performance,” according to CPNI.
Facilitating a positive security culture
The consensus among security professionals on how to create a culture that is receptive to security is this: involve your employees – educate them, inform them, allow them to take ownership.
How do you get started?
- It all begins with management. Upper management must support the implementation of new security measures and assist in communicating and enforcing compliance. A SecureWorld blog post by Pamela Mitchell asserts, “If management commitment is increased, and the security awareness goals and message are communicated clearly and often, progress and improvement can be made in creating a security culture.” A fine line must be walked, though. An article published on InfoSecToday.com states, “individuals will respond far better to rewards and recognition for success rather than being scared into compliance with the threat of losing their jobs.” Managers must be sure to acknowledge those who consistently follow security procedures and set a good example for the rest of the organization.
- Policies and procedures need to be established and reinforced often. It’s one thing to create security protocols, but quite another to make sure that they are communicated regularly. So after the initial employee-onboarding security training program, what’s next? An article by Trace Security says, “send out frequent email reminders, perform ongoing training, put posters up… almost anything you can think of to keep security at the forefront of peoples’ minds will make them more likely to act sensibly.”
How do you know when you’ve achieved a truly positive security culture? An article in Security Magazine says, “the ultimate measure of cultural transformation is when people behave in the new, desired ways even when no one is watching or reminding them to do so. They do it because that’s just the way we do things around here...”