DarkReading.com reported “With cyberattacks becoming more frequent and costly, not to mention the additional challenges inherent in securing a remote workforce, it is more important than ever that organizations build a culture of security.” The July 29, 2022 article entitled “3 Tips for Creating a Security Culture” included the comments about TIP #1 “Don't Be the Team of "No"”:
Security teams are often seen as the team of "no," or like the doctor telling you that you should really cut out salty foods entirely. You might agree in general, but how realistic is it that you never have salty foods again? If rules are overly restrictive or they make tasks significantly harder, people are going to cheat the system. We have to find a way to have more carrot and less stick. We have to pave the road for employees so that security isn't a chore.
It is absolutely important for there to be training on phishing attacks, use two-factor authentication, and regularly change passwords. But how could we simplify this process? I'm a big fan of companies giving employees a subscription to a password manager. This solves one of those concerns while arguably making employees' lives a bit simpler. It's very much about building a two-way street rather than being a hardened gate. This allows us to start building in processes alongside other departments that make sense for their workflow. These processes will change from company to company, but the key here is to look for ways that security can be improved while also improving the workflow for employees in general.
Here are all 3 TIPS:
Great advice and well said!