Fighting Blame and Promoting Proactivity within Cyber-Security

Data breaches happen for so many reasons, ranging from purely technological issues to human errors.  Cybersecurity is about mitigating risks and being vigilant in different ways. One of the most vital things you can do to boost security for your company is create a culture that establishes a sense of personal responsibility combined with psychological safety. With an attitude of unity, employees feel safe asking “dumb” questions and reporting potential risks and concerns that could possibly lead to exploited vulnerabilities. Destigmatizing the way security issues are treated and reported can go a long way in reducing risks across the spectrum.

Support employees as whole people bringing both personal and professional hopes and concerns to work with them every day – create safe places for employees to share issues and questions of any sort. Happy, supported people are more likely to be careful, observant, and feel loyal to the company than employees who are burnt out or nervous. When morale is low, people are more likely to feel detached and avoid “going the extra mile” to proactively address security concerns.

Try integrating these tips to allow for more openness and transparency when it comes to security issues:

1. Approach tech issues with an “If you see something, say something” attitude. Do not blame or otherwise punish employees who report issues, even if they are the cause of the issue. This type of policy should be included in employee handbooks and formal trainings to make it very clear that it’s supported from the top of leadership down.
2. Understand that even contractors and 3rd party vendors can be important team members to connect with and consider as stewards of company security. If you focus exclusively on employees, you may miss hands-on workers who are closely linked to infrastructure where risk can arise.
3. Make sure teams know where and how to report concerns and issues– from security to HR, or other types of feedback. Consider making any reporting anonymous.
4. Implement a cybersecurity training and compliance program to ensure employees know what security vulnerabilities can look like and how cyberattacks happen. This way, they are armed with the knowledge required to take a more proactive approach.
5. Start conversations. Ask about specific potential issues and general concerns regarding security and make space to listen to what teams have to say.
6. Encourage teams to take pride in cybersecurity vigilance by rewarding employees who correctly identify and communicate risks, such as phishing attempts.

Overall, when thinking about how to promote cyber security, it’s key to consider the human aspect. By creating a culture of accountability combined with psychological safety can help inspire, not only basic compliance, but proactive vigilance across the organization.