Gallup’s latest research shows that only 31.5% of employees are engaged at work, 51% are disengaged and 17.5% are actively disengaged.
(Gallup defines engaged employees as “those who are involved in, enthusiastic about and committed to their work and workplace.”)
This lack of engagement is a ticking time bomb for many companies, with cyber criminals waiting to grab an opportunity to exploit weaknesses.
Research shows that employees continue to endanger their companies by accessing adult material, downloading email attachments from unknown senders, and using social media and unapproved apps on corporate networks.
Many companies are now looking at developing their ‘culture’ to fix inherent security problems in their organisations.
At the heart of organisational culture lie social behaviours, norms and values that have been created by the organisation’s leadership and staff.
That’s why leadership should be at the fore when building a security culture and developing a security-conscious workforce. It is essential that the executive team truly understands the significance of security and wholeheartedly supports the initiative.
Cisco president and CEO John Chambers said, “Security starts with me, the CEO, down to the individual contributor level … it’s mandatory.”
Build a security culture
Developing a security culture requires you to embed security in your business strategy and processes. Indeed, an effective security culture is one that supports the protection of information while also supporting the organisation’s broader objectives.
Security experts employ many technologies to improve security, but one of the most important factors influencing information security is the human factor. A positive security culture is one in which staff are engaged and committed to helping each other do the right thing, like reminding a colleague to lock their computer screens when leaving their desks.
ISO 27001 embraces understanding processes, people and technology as the three fundamental cornerstones of an effective security strategy, and holds ISO 27001-certified organisations accountable for conducting regular security staff awareness training. A ‘security culture’, meanwhile, adopts a more universal approach and addresses the human and cultural factors that are important in achieving organisational security.
The book Build a Security Culture explains this concept in more detail and provides advice grounded in the psychology of groups to help you develop your organisation’s culture.
Staff awareness training is an essential element of a security programme. A well-run anti-phishing programme gives your organisation a practical means to combat the threat of phishing, which has become a reality of conducting business in the modern world.
According to Microsoft, phishing scams now cost companies around the world as much as US$5 billion a year, and unsolicited emails in the UK are said to be three times more likely to contain a malicious link than in the US.
IT Governance’s Phishing Staff Awareness E-learning Course will enable you to take action against the increasing threat of targeted phishing attacks by educating your employees to be alert, vigilant and secure.
Combined with a simulated phishing attack, the course lets you establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security posture.
Protect your company from escalating cyber threats with a simulated phishing attack now: purchase these two solutions together and save 10% by mentioning this blog post.