How to Develop an IT Security Culture in the Workplace
There’s a prank going around offices today that will ruthlessly name and shame individuals who don’t take computer security seriously.
It goes like this: walk away from your computer without locking it and return to discover a colleague has sent an email from your account to the entire organisation explaining that you’ll be walking strangely for the rest of the day because you’ve torn your trousers.
When you’ve got through the emails from concerned co-workers and explained yourself to the sniggering at the coffee machine, you will hopefully twig just how vulnerable we all are to harmful online activity, and how easy it is to forget about this critically important issue.
The trick points to the broader problem IT departments have when it comes to stopping sensitive data from falling into the wrong hands. It also demonstrates how we all need to take responsibility if a culture of online security is to be nurtured successfully.
Below are four considerations bosses need to make when trying to implement such a culture, none of which are related to trousers.
Online security is as important to the average person in the street as it is for the global organisations that hold our personal data. Social media has made the issue even more critical, as users share personal data in a relaxed frame of mind. Picture that pout and its sultry message: “Hey baby, keep IT security measures in focus as you check out my new dress.” Maybe not.
For companies to combat this dismissive mindset, a layered approach is needed to incrementally nurture awareness of online safety.
The responsibility for sending out these important messages must come from the top. Apathy is a key obstacle to overcome; if large corporations and governments are found guilty of not taking cybersecurity seriously, why should anyone else bother?
As such, employers need to go to great lengths to demonstrate how security breaches could impact upon workers and the business alike on a day-to-day basis.
Just as victims of the torn-trousers prank will discover, games and friendly competition can be useful allies in the battle to win staff engagement.
Bosses can tap into the right spirit by holding competitions between departments and allocating points based on how many ‘dos and don’ts’ of cyber-protection each team adheres to over the course of a week. Even without decent prizes on offer, you’ll be surprised by how seriously workers will take the task in an attempt to get one over on colleagues.
The comedy approach is favoured by head of IT security at TNT Express, Phil Cracknell, who employs Star Wars-themed videos to spread the online health gospel. In one of those videos, Darth Vader arrives at a reception desk trying to blag his way into the building with the old “You know who I am” routine.
Emailed to staff each day, the videos were an entertaining and memorable articulation of a serious topic.
A new culture of IT diligence can only grow if it has a robust set of standards at its foundation. Formally written protocols for preventing and addressing cyber-attacks should be put together and distributed, enabling workers to clearly see what expectations lie on their shoulders. As such, individuals will be able to carry out their duties in a more measurable and seamless manner.
These standards can be nourished if diligence in this area is recognised and rewarded. Again, this will serve to reinforce the vital message throughout the workforce that cybersecurity is taken seriously.
Keep things simple and aligned to business
As key as online security is, employees must still be able to do their jobs. With this in mind, bosses should try to align new strategies gradually, so that the culture change is accepted and respected.
These changes should always begin in the most relevant areas of the business, so that employees can understand the concerns in a logical and workable context.
There is no panacea for IT security; the bedrock of a sound culture must be founded upon awareness, education and collaboration.
Bosses must always be aware that the fight is ongoing, and keep developing tactics to prevent their company’s data from being placed into the hands of the dark side.