One of the best defenses against threats an organization can have is a well-educated workforce. A culture of cybersecurity is a collective goal to be fostered over time between you and your employees. A positive of small businesses is that the smaller workforce makes it much easier. A culture of cybersecurity should be a cordial environment where digital safety and technical best practices are in place across the workplace. Employees should feel free to share their experiences with technology and ask questions about how they should conduct themselves online. In my experience, many employees feel embarrassed about their perceived lack of technical knowledge and avoid asking questions. A culture of cybersecurity should discourage this and instead encourage everybody to be open about their experiences with the technology provided to them.

Methods to create a culture of cybersecurity in your organization:

  • Bookmark some cybersecurity news websites on your business machines and encourage employees to stay up to date with the news in their spare time.
  • Send mass emails to your staff when a major cyber incident hits the mainstream, informing them of Indicators of Compromise (IOCs) and how to be vigilant for the specific threat.
  • Encourage employees to help each other with technical issues rather than trying to navigate them on their own.
  • Ensure your cybersecurity team members take their roles seriously and regularly attend meetings.
  • Keep cybersecurity policies up to date and posted in visible areas across the workplace to remind staff of their conditions.
  • Define a clear escalation path for employees to report suspicious behavior without fear as soon as it occurs.
  • Deploy reputable security-focused browser extensions on company devices to integrate security in online workflows (Shodan.io, Privacy Badger, Malwarebytes Browser Guard, Wappalyzer).
  • Follow up with your employees regarding incidents of interest; share incident reports and root cause analysis with them to help them improve their security skills moving forward.