Corporate security culture - October’s awareness module
Culture is an important yet under-appreciated factor in business, particularly in information security.
Organizations with a weak security culture are missing a trick. They present a poor external image,
coming across as unprofessional and untrustworthy. Internally, the general lack of focus and concern
leaves workers highly vulnerable to phishing, social engineering, fraud and more. Disengaged workers either don’t notice or simply ignore the threats and incidents: they pass them by without even a
Compliance failures such as privacy breaches and piracy are a particular concern. Aggrieved parties,
courts, regulators, stakeholders and journalists are likely to hold senior management personally accountable for widespread cultural issues, poor attitudes and an apparent lack of emphasis on
information security. We have seen this most recently with Equifax, and in the past with Enron, Sony and other headline-fodder. When the music stops, top management find themselves short of chairs.
In contrast, if everyone knows about and fulfils their obligations towards information security, the
organization presents a much stronger and consistent image. More than just appearance, once security becomes ‘second nature’ for workers, information is better protected.
Our challenge for this month’s awareness content is to engage and motivate workers in general,
bolstering the organization’s human firewall. Convincing management to take the lead in this area is where it all starts. MORE
Coming up soon
Next month we will release a revised privacy awareness module with a particular focus on GDPR (the General Data Protection R
egulation). GDPR is a major shake-up in European privacy laws with global implications. Does your organization know what’s coming? Will you be ready by May 2018?
For December and the end of year holiday season when many of us let our hair down, we’re planning to cover social engineering - one of the core topics
for security awareness, of course, and increasingly important given the widespread emphasis on cybersecurity. While our IT systems and networks are
strongly protected by security technologies, our people remain as vulnerable as ever ... unless they have the benefit of an outstanding security awareness program.
The finest, most creative content on the widest range of security awareness topics on the planet
‘Security culture’ is the 63rd awareness topic in our portfolio. If your security awareness program only covers the obvious, boring stuff such as phishing,
you are out of touch with the reality of information risk and security today. If you are too busy to do awareness at all, this month is the perfect
opportunity. Kick-start a world-class awareness program with a subscription to NoticeBored, the uniquely creative awareness service. Call us to try out the product and revolutionize your approach. What are you waiting for? We can get you up and running in next to no time.