DarkReading.com reported: “With cyberattacks becoming more
frequent and costly, not to mention the additional challenges
inherent in securing a remote workforce, it is more important than
ever that organizations build a culture of security.” The July
29, 2022 article, entitled “3 Tips for Creating a Security Culture,”
included these comments about TIP #1, “Don’t Be the Team of
‘No’”:
Security teams are often seen as the team of “no,”
or like the doctor telling you that you should really cut out salty
foods entirely. You might agree in general, but how realistic is it
that you never have salty foods again? If rules are overly
restrictive or they make tasks significantly harder, people are
going to cheat the system. We have to find a way to have more
carrot and less stick. We have to pave the road for employees so
that security isn’t a chore.
It is absolutely important for there to be training on
phishing attacks, use two-factor authentication, and regularly
change passwords. But how could we simplify this process? I’m a
big fan of companies giving employees a subscription to a password
manager. This solves one of those concerns while arguably making
employees’ lives a bit simpler. It’s very much about
building a two-way street rather than being a hardened gate. This
allows us to start building in processes alongside other
departments that make sense for their workflow. These processes
will change from company to company, but the key here is to look
for ways that security can be improved while also improving the
workflow for employees in general.
Here are all 3 TIPS:
- Don’t Be the Team of “No”
- Embrace Agility
- Break Down Silos
Great advice and well said!