Creating a Cybersecurity Culture. Recommendations, 5 things to do and 5 not to do

Cybersecurity Culture

These days we have seen different experts point out aspects that we must take into account in order to expand the reach of cybersecurity, and I don't want to miss the opportunity to join that line of strategic awareness, which is useful for the leaders of organizations of all sizes.

While reading the top security projects for 2020-2021 that, according to Gartner, all security and risk management leaders should focus on, I was looking for the issues where Kymatio can best help our clients to improve (which, by the way, are many).

Suddenly a LinkedIn post caught my attention. It was from J. Eduardo Campos (EMPA, CISM, CISA, CISSP, CPP), who stated:

“Make the human factor the “best” link by investing in people’s training, awareness, and well-being”.

The phrase, with which of course I completely agree, was part of a response to a post by Bret Arsenault, Corporate Vice President and Chief Information Security Officer at Microsoft, who stated:

“Creating a cybersecurity culture at work becomes both more important and more challenging when employees work at home”, and continues… “Regardless of whether they’re in the office or working remotely, employees are your last line of defense against cyber bad actors. Adopting interactive training and frequently testing with realistic scenarios can help drive an effective cybersecurity culture”.

Mr Arsenault is a respected security leader across the industry and is recognized for his ability to navigate risk through innovative leadership and vision. He recommends reading Mark Soten's article, "Creating a Cybersecurity Culture Starts With Your Team".

In the article, published on SecurityIntelligence, Mark recommends 5 do's and 5 don'ts to follow in order to improve your employees' cybersecurity culture.

Here I want to point out how Kymatio can help you meet these objectives:

From the Do's

  • Do test your employees monthly. Work with your employees, preferably on a monthly basis, and conduct monthly tests that can reap large security rewards:

Kymatio is designed to work with them periodically, on a monthly basis by default.

  • Do allow for a simple process for employees to report suspicious emails:

Kymatio goes further and prepares people to understand the different types of motivations behind psychological manipulation techniques.

  • Do report program results to the C-suite (with easily digestible decks and graphs) as often as necessary:

Kymatio provides all the information necessary to understand the level of cyber risk, what the organization needs to strengthen, and the evolution of the metrics over time. It also provides individual-level metrics for each person, including the members of the C-level.

  • Do use constructive and collaborative criticism to deal with users or employees who don’t adhere to your prevention program.

Kymatio offers the best approach to quickly identify where they sit within the organization in order to start working on the cultural change.

  • Do use interactive training before testing your employees on anything.

Kymatio provides both chat interactions to understand employees' needs and analysis of their evolution through situational cyber test sessions.

About the Don’ts (which are aligned with Kymatio’s philosophy)

  • Don’t be overly forceful or overbearing with the program.
  • Don’t forget to include managers, key stakeholders and relevant IT teams in the process.
  • Don’t use the same phishing test for each user or always send on the same day.
  • Don’t start your awareness program with complicated concepts.
  • Don’t forget to remind everyone in your organization that a robust security culture extends beyond the office to help employees keep safe at home as well.

At Kymatio we are completely aligned with the spirit of Mark’s words.
Remember that your employees are the last line of defense against threat actors.

Contact us now to learn how Kymatio allows you to manage human cyber risk.