CyberWyoming note: In collaboration with the Identity Defined Security Alliance, CyberWyoming is releasing a four-part series of blogs on Identity Management for Identity Management Day on April 11, 2023.
Day 1 – What Is Identity Management and Are Your Employees Taking It Seriously? https://cyberwyoming.org/day-1-what-is-identity-management-and-are-your-employees-taking-it-seriously/
Day 2 – What Is a Culture of Security? An Example https://cyberwyoming.org/day-2-what-is-a-culture-of-security-an-example/
Day 4 – Don’t Wait for a Security Crisis to Start Building a Security Culture and Relationships in Tech! https://cyberwyoming.org/day-4-dont-wait-for-a-security-crisis-to-start-building-a-security-culture-and-relationships/
Creating a Culture of Security
Like any organizational behavior, creating a culture conducive to security starts with leadership.
CyberWyoming has seen company CEOs consent to be cyber stalked and then present the results at a staff meeting, talking about how they changed their behavior. It’s about walking the talk and it can turn company culture on a dime.
Writing employee handbooks to include security protocols for specific audiences in the company is also helpful. A construction company with 5 office employees and 70 field workers should tailor its security message for the different needs. The 70 field workers probably don’t even have email and just need to protect the company’s trucks and paperwork in the trucks. Security focuses on physical security. However, the 5 office employees need to have routine discussions about scams and scam tactics, communicate with each other, and make sure the computer equipment (both onsite and in the cloud) that holds the data is secure.
Finally, CyberWyoming offers free, no-think security awareness campaigns to any Wyoming company. Each monthly lesson has a poster to hang at the beginning of the month to introduce the topic, a few emails an office manager can send out as reminders, a video, and a game or discussion topic for a staff meeting. “We try to keep these no-think campaigns fun. If you’ve ever seen the password game on the Jimmy Fallon show, that’s the type of activities we recommend to generate discussion at the office,” said Laura Baker, Executive Director for CyberWyoming and Manager of Wyoming’s Cybersecurity Competition for Small Business.
About Wyoming’s Cybersecurity Competition for Small Business
In its sixth year, Wyoming’s Cybersecurity Competition for Small Business is one-on-one, on-the-job, human focused security training that starts with the company’s mission statement and ends with security policy writing. Wyoming business leaders meet their security goals and have increased confidence with the subject, better relationships to support their security efforts, and improved products and services as a result of completing the program.
Registration continues through May 1. Winners receive cash prizes and a speaking engagement at the annual cybersecurity conference. https://cyberwyoming.org/competition to register.