Create us a cyber aware culture please

“Create us a cyber aware culture”! Yes please, I’ll have one of those. Not easy when it doesn’t come in a box with instructions on how to install a cyber aware culture.

The jobs people do, the technologies they use, and most importantly their personal ways of working, attitudes and beliefs all contribute to culture. How hard is it to create a single cyber aware culture when there are many moving parts?

We ask a lot of people – they need to always remember the things they are supposed to do for security, do those things at the right times, and do them right of course. In the perfect world, and we know there’s no such thing, if everyone did this, then sure we would have a great cyber aware culture and then cyber criminals would be looking for real jobs.

Simply put, people think differently and therefore act differently. When it comes to cyber, this is the difference between good and not so good behaviours.

Think therefore about creating cyber aware cultures specific to different parts of your business, based on what people do and the way they work with information. Putting aside the obvious – all information is sacred and must be kept secure – messages about how to do that, and why, are more relevant to groups of people rather than the masses.

Take the health sector – community health workers are mobile, they may come into an office once a week, they carry confidential information with them every day. Their focus is on helping people, not worrying about security. The things they need to understand and do are relevant to them and less relevant to others. Other good cyber practices are relevant to them, but for that group, strong messaging, relevant to their role, will have the biggest impact in influencing good cyber behaviour and reducing risk of data breaches.

In business, perhaps it’s a matter of working to create teams and groups who are naturally cyber aware, and over time, the collective sum of these parts equals a great cyber aware culture for the business as a whole.