Does your company culture affect the overall cyber security?

Cyber security and company culture goes hand-in-hand. Chances are if your company has poor cyber security awareness, meaning your employees are unaware of potential risks and threats, you are more exposed for an attack. A culture of good cyber security must be an integral part in the way we work, and all employees must share the drive in order to be successful. This means building a good understanding of why cyber security is important and having a clear picture of how to react and report when cyber threats arise. These values are not only important internally in a company, but also in projects and among customers.

When it comes to cyber security you are never better than your weakest link. Of course, not everyone in the company has to be a specialist, although key personnel need to be competent in ensuring cyber security. However, the entire company has to understand the importance of it and adapt to new measures, when new threats have been identified. It is easier to maintain the threats if we have established routines on how to deal with them. 

How do you know if you have proper cyber security in place?

Before knowing what to do about poor cyber security, you first have to see if you are at risk or have any areas of improvement. In many cases we might not even know what the vulnerabilities are until after an attack. If you have been under a cyberattack and lost information, you know you are most likely also susceptible to another attack. But if you have not been attacked, you have to test if you are protected and maintain the protection. You should complete investigations to uncover possible issues and risk areas.

So how do you increase cyber security awareness in the company?

Some companies will run email campaigns where they test their employees. For instance, by using fake phishing emails to see if anyone interacts with them, clicking them, and often logging in to a separate website. In some cases, the employees can go as far as giving log-in credentials, which can also be detected in these phishing campaigns. This generates a competition within the company and creates an environment where being good at cyber security is considered important.

A possibility is to force or try to motivate to better behaviour online and while utilising the online networks. Forcing initiatives from top to bottom is often futile, so to get a change in the culture, motivation is necessary. You need to build a good culture from the bottom, where you can have all employees on board, and they understand the importance of why they are doing things.

You can utilise change management to create and maintain a good culture for cyber security. This means a process of continuous improvements to cyber security in the company. From current trends we can see that keeping up to date on cyber security practises is increasingly important, as there is a wide span of threats, and an increase in cyber-attacks during the past few years. It is important that we keep being ahead of the attackers, rather than having to discuss this after an attack. Also, during the pandemic, people are working remotely more than ever, and while most plants, assets, and offices pay special attention to cyber security, people’s homes and networks are often less secure, and easier to access.

In conclusion

As with everything else, you are not stronger than the weakest link. If one person fails, everyone is exposed to an attack. This is why it is especially important to have everyone in the organisation on board. Only then will we have what can be described as a good culture of cyber security.