Please configure

How to build a culture of security

Subscribe now for insights, opinion and advice to inspire you and your team on your digital journey.


In my role as Security Portfolio Director, I’m often asked, ‘Where do we begin?’ when a business wants to increase their security profile. And I always answer, ‘Your people.’

We’re seeing and reading about new data and security breaches every day, at all levels. The Australian Census Bureau fail shows us that governments are every bit as vulnerable as organisations and small businesses. And researchers at the University of Birmingham and a German engineering firm have revealed flaws that make ignition and keyless entry systems vulnerable on 100 million Volkswagens.


With the emergence of more Internet of Things (IoT) technology connecting us to devices and the internet, there’s a corresponding rise in potential security breaches, with threats to network security and data security. And differing opinions on how ready we are for an IoT world.


It’s a lot to take in and stay on top of – especially when you’re trying to focus on your customers. So how do you prepare your business to face security risks and transform cybersecurity into a positive enabler? What kind of security solutions should you think of?


You start with your team and you build a ‘culture of security’


A culture of security is all about the people in an organisation – their understanding of the organisation’s mission, risks posed by cyber threats and how good security plays a critical role in achieving that mission.


The right culture of security will drive the behaviour that makes an organisation’s security policies and procedures actually work. Otherwise, people look at security as a hurdle and a drag - something to get around or a box to tick.


3 systematic steps that protect your assets and help you grow


Communicating and instilling a culture of security is really no different to communicating any other business priority. You want to make it relevant to your team with education about responsibilities, benefits and consequences.


1. Establish clear responsibilities and decision making processes


The role of overseeing security should sit at the top table where it gets executive support. It’s so much greater than an IT or tech issue and needs to be treated as more than a cost.


For example, as IoT expands, cyber-security’s responsibility will grow beyond IT, meaning  teams will need to work closely together. When plants, machinery and vehicles become connected, threats or vulnerability will have to be addressed by many parts of the business including engineering, health and safety staff, and legal and IT teams.


You want to think in terms of a security model, not just technologies. So build a security framework with policies and guidelines that address preparation and defences before an attack, detection during an attack, and response, remediation and recovery after an attack.


2. Build awareness


The first thing to do with staff isexplain why good security matters, what the risks look like and how the business could be affected if cyber threats are realised.


Teams need to be aware that your customer data holds a lot of value and it’s your obligation to keep it look after it in accordance with your relevant legal obligations. It’s often this data that hackers and ransomware perpetrators attack. You need to protect it, just like you protect any valuable possession.


By creating positive and negative examples about the use of devices, passwords, and dissemination of customer data, staff can get a picture of what good looks like and what kind of behaviour can lead to security breaches. Don’t just have a policy statement that says ‘Do not email customer data’ or ‘Don’t reuse passwords across applications’. Explain the ‘why’ and the potential consequences (like this one).


3. Make information security a business enabler


The time has passed to treat security negatively. If you’re taking advantage of mobility to keep your team connected and using IM, apps and cloud services for better customer experience, maintaining a good security posture enables a competitive edge.


With a focused, human approach and a commitment to a culture of security that starts at the top, you can build a security-first mentality and provide continuity of service with confidence.


We welcome the opportunity to talk about your company’s culture of security and how we can help you put it in place. Simply make an appointment for a call today.



Join the Facebook Community for NZ Business

Running a business is easier when you can tap into a network of friends and mentors. At Spark Lab you’ll be part of a business community providing inspiration, advice and support. No matter how big or small your business, join us for exclusive access to some of New Zealand’s most successful business minds.

Thanks! We're sorry to hear that!

Please configure