“Your people are your biggest weakness when it comes to security”. You’ve probably heard this statement more than once. It probably wouldn’t instil the most positive cyber security culture.
We believe that this can, and should be a fallacy in all businesses when it comes to cyber security. We want to help you grow your people in to your biggest strength and asset.
So how do we get there? Well, Security is all about risk – appreciating it, understanding it, and reducing, mitigating or sometimes accepting it.
Beginning with a desire to create a culture of security within your business will set you off on the right path, and from here we’d suggest making this your guiding principle. You can read in detail about this here, where we will expand and share more about how your approach to cyber security feeds in to building this culture.
At CyberScale we talk a lot about taking a risk-based approach to Cyber Security. This is an approach that is tailored towards your specific business or organisation. It takes into account the specific data that you have, the way you use systems, the people you have in your organisation and their level of understanding of all things security, the processes that you have in place, and how all of these combine to create risks specific to you.
Different organisations will have different security requirements, that’s a given. But, what sort of differences are we talking about? Well firstly there is data. Some organisations are heavily reliant on data, some not so much. Some organisations collect and process particularly confidential or sensitive data, such as health data for instance.
Some organisations have employed staff only, where elements of security policy can be made part of their employment contract and ongoing training, whereas other organisations have a heavy reliance on freelancers or subcontract staff where this is not so easy. This will inevitably raise issues around building and embedding a cyber security culture. Management of systems used by these groups also differs in its level of practicality; managing and controlling devices which are company supplied is one thing, but devices owned by a freelancer or subcontractor present a particular challenge.
Going back to the beginning here will ensure that even though you’ve recognised these challenges you will be able to view them through the goal you have, which is to create a culture of security across all staff whether permanent or not. Having your guiding principles embedded in those who hire, onboard and work with all types of staff is going to be ever more important.
So how do we do this? Training. The answer seems simple, but it really isn’t at all. A cyber security culture will come from having a set of agreed and embedded values across the workforce which determines how everyone thinks about and approaches cybersecurity.
Training can have many aims, here it is to help you understand what you don’t know – what’s important, what to look at and prioritise when it comes to cyber security, and where to go for help that you can trust, both inside and outside of the business.
But it’s more than just telling you.
Through carefully designed exercises and discussions, we’ll help YOU discover how to determine what is important to your business, how to assess risks and impacts in a security context, and how to build a strategy and plan to improve security and reduce business risk. This is an ongoing commitment and when invested in regularly will move you towards building the security culture you seek.
With a combination of public courses where attendees will be from a range of organisations, and bespoke solutions for your business, we are experienced in ensuring that what we deliver suits the needs of your business.
We are focused on providing cyber security training that also brings personal benefits to individual attendees in their broader lives and not just in the workplace. We do not deliver a standard CBT session or something general, which might feel like a tick box exercise for the business and attendee, we ensure that we are linking the training with your specific process and policies.