A Security-Positive Culture Starts at the Top

Get actively involved to build a culture of security in your business

Stephen Nardone

Cybersecurity is vital to every area of your organization. IT officers, corporate officers, finance directors, and human resources managers should all play a role in designing a living, breathing security plan to protect their business. But how do you create a culture of responsible, effective security practices and meaningful threat awareness? Read on to find out.

Stay Educated and Informed

Though it is a legal obligation for executives to involve themselves in information security, it is also best practice to make security an agenda item at every meeting. Refocus the corporate culture on safer security behaviors by making security a priority at the top.

Officers need to know the incident response plans and disaster recovery policies, so they should ask questions about business continuity and cybersecurity regulations and insurance.

Form an Information Security Committee

Create a culture that prioritizes the security of critical data by forming an information security committee and engaging with the team regularly. The team of directors involved in designing and reassessing the plan should meet often to review policies on incident management, user education and awareness, and managing user privileges. They should have an incident response plan and clearly defined protocols for BYOD and working remotely.

Review and Evaluate Frequently

An information security protection program must be well documented and frequently updated, executed, monitored, and reassessed. An enterprise that can show evidence of an information security protection program will likely be subject to less regulatory scrutiny and fewer fines in the event of a breach. The standards of what is reasonable in prevention and protection continue to evolve, and executives need to be aware of changes.

Work with Vendors and General Counsel

Inquire about vendor contracts and the agreements in place to address security issues. Work with general counsel or a cybersecurity attorney to know if your business is able to retain privilege in the event of a breach.