Does Your Organizational Culture Emphasize Security?

Avatar
Written by Carley Donovan

July 20, 2018

Does Your Organizational Culture Emphasize Security?

Are you aware that our everyday decisions can have a long-term impact on the security of our systems? Security is not something that can be maintained by a computer, the Internet, or other applications. Instead, it is learned behaviors that can keep your organization’s systems secure by educating and encouraging employees to utilize best practices while using computers, phones, tablets, and other devices. By practicing poor user behavior, you can increase the possibility of cybercriminal activity occurring within your organizations systems.

Since your employees’ behavior affects the level of security your systems have, it is crucial to understand what influences their behavior. These factors can be internal or external and all have an affect on how an employee makes a decision related to organizational policy. Deloitte uses the phrase: “Every individual acts in the world” to outline the different variables that influence decision-making. Based on that sentence, these variables are: the individual, the action, and the world. In order to analyze potential employee actions, we need to look at the following characteristics:

1. Personality Traits
Every human has a distinct set of personality traits, and these traits affect our decision-making abilities. If someone has a history of breaking policies or has made other poor decisions, the chances of that happening again are higher. This type of person may be someone your organization should be weary of hiring.

2. Motivation
Motivation can be split up into two environmental factors, incentives and punishments. Incentives reward employees for good behavior, while punishments reprimand their bad behavior. The same concepts can be applied to utilizing proper security behavior.

3. Context
The context of a situation is reflective of the organizational culture. We use our knowledge of our organizational culture to make decisions everyday. Therefore, in order to practice property security behaviors, we must change our organizational culture to  that of a culture that places high value on security. A culture reflective of security is the basis to practicing proper security behavior.

There are many benefits to modifying your organizational culture, such as improving the safety of your data, promoting physical safety, and limiting fraud in order to enhance practiced security behavior. Due to the fact that people have a desire to be part of a group, new employees will learn that these behaviors are part of your culture and will learn to assimilate. They will learn it through these four dimensions: policy, mentor or peer, group, or work. Once these aspects are reinforced and internalized, you will see consistent improvement to your organizational security.

This DATIS Blog was written by Carley Donovan, DATIS, on June 8th, 2016 and may not be re-posted without permission.