As the number of high-profile cyber-attacks and data breaches continues to rise, it is clear that the current approach to cyber security is not effective. Many organizations rely heavily on technology to combat these threats, but this is only part of the solution. To truly improve cyber security, a more people-focused approach is needed.
Dr. Inka Karppinen, a lead Behavioural Scientist at CybSafe, emphasizes the importance of understanding human behavior in the context of cyber security. Instead of assuming that employees will change their behavior if they are simply educated on cyber risks, organizations should take a more measured and studied approach. By quantifying and directing people towards good behaviors, organizations can improve their cyber hygiene and promote a positive and effective cyber security culture.
Here are five steps that businesses can take to align their cyber security policies with their workforce:
1. Talk to people: Instead of relying solely on technology, organizations should initiate conversations with employees to better understand their knowledge gaps. By engaging with employees and addressing their concerns, organizations can fill these gaps and improve their overall cyber security awareness.
2. 24/7 protection: With the shift towards hybrid work environments, traditional 9-5 cyber security measures are no longer sufficient. Organizations must ensure that cyber security measures are implemented around-the-clock to protect employees and the business from cyber risks. This includes providing employees with the necessary tools to manage their cyber risk, regardless of their working environment.
3. Training and tools: Employees should not be blamed for their mistakes if they have not been provided with the necessary training and tools. It is important for organizations to prioritize cyber security training and ensure that employees have the resources they need to perform secure practices. This includes reliable and user-friendly tools that do not hinder productivity.
4. Positive messaging: Harsh penalties for cyber security mistakes can discourage employees from reporting errors and hinder transparency. Organizations should view cyber security incidents as learning opportunities and encourage employees to report mistakes. A positive message can improve transparency, address vulnerabilities, and turn employees into champions for cyber security.
5. Layoffs and cyber hygiene: In the event of layoffs, organizations must consider the impact on cyber security. This includes maintaining the security of technology infrastructure and addressing the psychological and behavioral effects on employees. By approaching layoffs with understanding and support, organizations can minimize potential cyber hygiene issues in the future.
Dr. Inka Karppinen emphasizes that cyber security is a complex problem that requires a multifaceted approach. By focusing on the human aspect of cyber security and promoting open communication between employees and the C-suite, organizations can increase awareness and understanding of best practices. This will ultimately protect organizations against damaging cyber-attacks.
About the Author:
Dr. Inka Karppinen is a Cyberpsychologist and lead Behavioral Scientist at CybSafe. With a background in both industry and academia, she combines her expertise in human-computer interaction and behavioral science to uncover people’s attitudes and behaviors towards cyber security. Her research focuses on behavior change models and improving an organization’s security culture. Dr. Karppinen holds a PhD in Security and Crime Science from University College London and an MSc in Occupational Psychology from Birkbeck.
By following these five steps and prioritizing a people-centric approach to cyber security, organizations can take significant strides towards improving their cyber hygiene and protecting against cyber threats.