Skip to the main content.

Picture of Kate Goldman Kate Goldman Sep 10, 2018 2:00:00 PM

Creating a Culture of Information Security Amongst Your Staff

Creating a Culture of Information Security Amongst Your Staff

Information security: How you can cultivate the right culture among your staff.

Cyber security leadership is in a bind. How do you create a culture of information security amongst your staff that not only influences behavior in the office but everywhere else too?

It’s far more difficult to influence a person’s intrinsic sense of right and wrong by organizational governance if elements of that governance conflict with the basic cultural values instilled during childhood.

And what’s more, effective cyber security isn’t only about behaviorin the office anymore. In our always-on, everything-connected world, what your staff does at home and online in their personal time, dramatically impacts the susceptibility of your organization.

“I think most people would agree that extending the scope and detail of organisational governance to dictate behaviour 24x7x365 for all their employees everywhere is not reasonable, nor would it be received favourably if it were even legal.” Kathryn Brett Goldman CEO and Founder, Cybermaniacs
People sitting around a work desk with their laptops open

Lessons we can learn from Marketing Science

It’s all well and good to talk about “creating a cyber security culture”, but how do you create a cyber security culture in each of your employee’s homes and their surrounding community?

Well, that’s a problem with a different order of magnitude. But you have to tackle it. You can’t simply say, “Right, we’ll govern their behavior at work and on work devices and that will keep us safe.”

The intersections between family activities and work devices or work e-mails and personal devices are too many to ignore.

The World's Deepest Bin

Fancy looking garbage bin in France

Marketing and advertising science can offer clues as to where we go next in terms of compelling people to change their behaviors to be more cyber safe. When they want to change someone’s behavior, usually to compel them to buy more, switch a brand or sign up for a service, they tailor their message to their target demographic.

They learn all about the needs, interests, desires, fears, and trigger phrases that compel that target demographic to act. Then they shape their messaging to hit all those hot buttons and sit back and wait for the results. The good news is they’ve been doing this type of experiment for decades and there are oodles of data out there about how to shape your messaging to influence certain types of people.

Different Strokes for Different Folks

“But wait!” I hear you cry. “There are all kinds of different people in my organization, from all types of cultural backgrounds. I can’t possibly a message that caters to all of them! Dammit, Jim, I’m a cyber security professional not a marketing guru!” First of all, stop calling me Jim. Second of all, you are exactly right.

You can’t shape a single message style and tone to fit all people. So why then have you continuously rolled out the same cyber security training, with the same “harbinger of doom” tone and the same warnings about the coming apocalypse of hacking hell ready to rain down on our heads if we don’t increase the complexity of our passwords….EVERY….SINGLE…FREAKING….TIME you communicate about cyber security awareness?

All the people in your organization that respond well to warnings about future problems and react to a call to arms to defend the perimeter against the invading hacking hordes have been reached. They’re good. They’ve got it. The media has totally created a tailwind for us with those people. They are locked down and ready to rumble.

Mo, Wanda and Si of Cybermaniacs laughing

But what about other people that scientifically in cultural and sociological studies have absolutely, without a shadow of a doubt, been PROVEN to respond to more positive messaging? What about those people? Well, you need to seriously think about changing up the messaging and changing the tone.

How about working to empower people, make them feel part of the solution, part of a winning team? Try to, (dare I say it?…dare I must…) make them laugh and feel good about engaging with cyber security best practice behaviors. That’s right. Lighten up, Francis. Tell a joke or two and you just might reach another cohort of people in your organization and land your message. Just make sure you tell good jokes….

…. haven’t got any of your own jokes? Maybe we can help.

Request one of our training demos 

More from the Trenches!

Why Cyber Security Matters To SMEs

Why Cyber Security Matters To SMEs

It's Not Just Big Businesses that endure the most cyberattacks Small and medium-sized businesses are just as vulnerable and, in many ways, more so....

5 min read

READ MORE »
Building Strong Cybersecurity Foundations
Cyber Basics » Culture »

Building Strong Cybersecurity Foundations

The interconnected world we live in today is like a high-speed rollercoaster with no brakes, hurtling through cyberspace at warp speed. Gone are the...

4 min read

READ MORE »
Cyber Security podcasts

Cyber Security podcasts

Check Out Some of the Top Security Podcasts We've Been Featured On! Kellen Coleman, Tyson Moultrie, and A.L. Roberts host this podcast which is all...

2 min read

READ MORE »