Good cyber security starts with a good culture

With cyber security attacks on the rise globally, it’s crucial for businesses large and small to do all they can to protect themselves from potential attacks. In the UK Government’s recent ‘2022 Cyber Security Breaches Survey’ it was found that 39% of UK businesses had identified a cyber attack in the last 12 months; with a worrying 31% of businesses estimating they were attacked at least once a week.

With ever more sophisticated criminals targeting UK businesses on a daily basis, it’s vital that companies protect themselves from these attacks; but it’s not something that leaders can do in isolation. Having been fortunate enough to have worked with hundreds of clients over the years, in our experience, good security starts with a good security culture. People will always be the weakest link in a company’s security defences – you can have the best firewalls and physical security, but if an employee tells another person their password you’ve potentially let someone straight in.

So how do you instil a good security culture in your business?

If you’re responsible for the cyber approach in your business, we would recommend you follow these 5 steps to ensure your protect you data and systems from attacks: 

1. Lead from the front – the first step is to get buy-in from the Exec board. It’s important that business leaders understand the repercussions of a data breach, so starting with the Exec board is the first step on the road to embedding good security into your company’s culture. Highlight recent examples to illustrate that the risk is real and any company can be vulnerable.
   
   
2. Raise awareness with all employees – company-wide ‘Show & Tells’ or learning lunches can be a great way to educate staff, make sure everyone is aware of the issue and show that security is high on the company’s agenda.
   
   
3. Security training – provide all staff with the knowledge and skills they need to protect themselves and your company from potential threats and prepare them to respond in the right way, should an event occur.
   
   
4. Test test test… cyber attacks are a very real threat for all businesses today. It’s becoming increasingly more likely that you could fall victim, so don’t just hope for the best – regularly test your defences. You could set up simulated phishing and social engineering attacks for your staff, or test through random quizzes. This will make sure the issue is always in the minds of your employees and becomes embedded in the culture of your company.
   
   
5. Gamify – people love a competition and often learn best when they put their skills into practice, so making it fun is a great way to get employees on board. Perhaps you could start a leaderboard to encourage the right behaviours? 
   

Gamifying cyber security training certainly helped our client Dentons to embed best-practice cyber security protocols into their culture and that of their customers. Dentons, the world’s largest law firm, approached us to help them combat the increasing threat they and their customers were facing from cyber attacks. This resulted in us developing the world’s first gamified cyber-security training app for them to train and test their employees, using realistic simulated data-breach scenarios. 

The app makes use of gaming principles to lead an employee through a real-world cyber-security scenario before giving the player a score and feedback based on their response times and decisions. Taking something that was considered a fairly dry subject in the past, we were able to transform it into a hot topic throughout the organisation, dramatically increasing staff knowledge within just one week. This ultimately resulted in the organisation becoming much more secure and resilient to cyber attacks in the future.

If you’d like advice on how to ensure your business is protected from cyber attacks, please do not hesitate to get in touch and we’d be happy to help.