fig news

People as your strength – a culture of security

The people within any organisation can be the greatest line of protection when it comes to cyber and information security. Here we look at how to grow your people in to one of your biggest security assets.

“Your people are your biggest weakness when it comes to security”.  You’ve probably heard this statement more than once.

We believe that this can, and should be a fallacy in all businesses when it comes to cyber security.  We want to help you grow your people in to your biggest strength and asset.

So how do we get there?  Well, Security is all about risk – appreciating it, understanding it, and reducing, mitigating or sometimes accepting it.

Beginning with a desire to create a culture of security within your business will set you off on the right path, and from here we’d suggest making this your guiding principle. You can read in detail about this here.

At CyberScale we talk a lot about taking a risk-based approach to Cyber Security.  This is an approach that is tailored towards your specific business or organisation.  It takes into account the specific data that you have, the way you use systems, the people you have in your organisation and their level of understanding of all things security, the processes that you have in place, and how all of these combine to create risks specific to you.

It’s a given that different organisations will have different security requirements.  But, what sort of differences are we talking about?  Well firstly there is data.  Some organisations are heavily reliant on data, some not so much.  Some organisations collect and process particularly confidential or sensitive data, such as health data for instance.

Some organisations have employed staff only, where elements of security policy can be made part of their employment contract and ongoing training, whereas other organisations have a heavy reliance on freelancers or subcontract staff where this is not so easy.  This raises issues around building and embedding a culture of security.  Management of systems used by these groups also differs in its level of practicality; managing and controlling devices which are company supplied is one thing, but devices owned by a freelancer or subcontractor present a particular challenge.

Going back to the beginning here will ensure that even though you’ve recognised these challenges you will be able to view them through the goal you have, which is to create a culture of security across all staff whether permanent or not.  Ensuring your guiding principles are embedded in those who hire, onboard and work with all types of staff is going to be ever more important.

At CyberScale we do this through training.  The answer seems simple, but it really isn’t at all.  A culture of security will come from having a set of agreed and embedded values across the workforce which determines how everyone thinks about and approaches cybersecurity.

Training can have many aims, here it is to help you understand what you don’t know – what’s important, what to look at and prioritise when it comes to cyber security, and where to go for help that you can trust, both inside and outside of the business.

But it’s more than just telling you.

Through carefully designed exercises and discussions, we’ll help YOU discover how to determine what is important to your business, how to assess risks and impacts in a security context, and how to build a strategy and plan to improve security and reduce business risk.  This is an ongoing commitment and when invested in regularly will move you towards building the security culture you seek.

With a combination of public courses where attendees will be from a range of organisations, and bespoke solutions for your business, we are experienced in ensuring that what we deliver suits the needs of your business.

We are focused on providing cyber security training that also brings personal benefits to individual attendees in their broader lives and not just in the workplace.  We do not deliver a standard CBT session or something general, which might feel like a tick box exercise for the business and attendee, we ensure that we are linking the training with your specific process and policies.

About the author

Gary Bicker
CyberScale

gary.bicker@cyberscale.co.uk

other news from fig

Training is central to a Cyber Security Strategy

November 23, 2021

Any cyber security strategy, to be as strong as it can be, should involve a combination of technical, people and process elements.

Choosing your approach to Cyber Security

November 17, 2021

Every business wants to be protected the best it can. One of the greatest threats today is a Cyber-Attack. Knowing which approach to take when it comes to Cyber Security could be a daunting decision to be faced with so we have put together some thoughts to guide you.

Supporting Business Owners & Leaders

November 9, 2021

Cyber Security is a topic that should be a priority for all business owners and those in leadership roles. Protecting your business doesn't have to be a daunting task when you have the right support in place.

see all news