A flexible company culture can do wonders for productivity, creativity and team morale. But without proper precautions in place, it could also pose a threat to cyber security.
Despite huge advancements in cyber security technology, human error is still a leading cause of serious security breaches.
Remote working, document sharing, the use of personal devices at work – these are all hallmarks of a flexible company culture, designed to foster collaboration and innovation in the workplace.
Flexibility vs Vulnerability
However, there’s a fine line between flexibility and vulnerability. It’s important to ensure that your company culture doesn’t expose any weaknesses in your cyber security strategy. The sharing of company data across multiple devices could put your intellectual property at risk.
According to research by AXELOS, an education management organisation committed to identifying global best practice in IT service management and cyber resilience, “organisations need to recognise the importance of the ‘human factor’ in protecting their most precious information assets and systems”.
The research paper, titled ‘Are your people playing an effective role in your cyber resilience?’, argues that employees are both an organisation’s “most effective security control” and “potentially, their greatest vulnerability to attack”.
So how can you foster a flexible company culture based on open collaboration, while also protecting sensitive information?
By creating a culture of awareness, education, trust, and accountability. Many people are simply unaware that their actions could be putting security at risk. It’s therefore up to you to educate them about their cyber security responsibilities within the workplace.
Cultural Shifts Need to Happen
A good place to start is by creating a cyber security information policy and including it in employee contracts and handbooks. This policy should clearly state your organisation’s rules surrounding cyber security, and be regularly updated to accommodate industry advancements.
However, a written policy will not be enough to change your company culture. To create a cultural shift, you will need to talk to employees about cyber security on a regular basis, in both one-on-one situations and wider team meetings, as well as digitally (for example, via email or staff intranet). Cyber security is not a ‘set and forget’ strategy; it must continually be revisited and discussed so that it stays at the forefront of everyone’s mind.
AXELOS advises that organisations take this one step further, and roll out customised employee training programmes, so that no one is learning about rules that don’t relate to their position, and vice versa.
“Your training and awareness learning might be telling staff to do things that are not relevant and not part of their working life. The learning needs to be directly related to what they do.”
It’s also essential to foster a culture of trust, as opposed to surveillance. If employees feel they are operating in a ‘Big Brother’ environment, this may negatively impact other facets of your company culture, such as collaboration and innovation. The best way to foster trust is to encourage regular, open conversations and feedback. Cyber security communication should always be a two-way street.
Once everyone in your organisation understands the importance of cyber security, it will be much easier for you to implement security techniques and technology, such as firewalls and mobile device management (MDM). People are far more likely to follow rules if they understand the reasoning behind them; aim for awareness first, implementation second.