Developing Cyber Security Behavior
Cyber Security Behavior is the way in which a person reacts when confronted with a cyber security situation such as an attack, incident. It is also the security controls they practice while performing everyday activities such as sending emails, working with sensitive documents or working with computing devices.
Fig 3: Positive behavior develops in a supporting and conducive environment
Awareness and Competence training is fundamental to developing positive Cyber Security Behavior. But, that in itself is not enough. Positive behavior is developed in a conducive environment where the behavior is rewarded. To create such a positive environment, Cyber Security training frameworks must evolve to influence three factors – Beliefs, Attitude and Action.
Beliefs are often personal and must have evolved outside the controls of the organization. But, organizations can influence and create a positive belief in Cyber Security by showing a larger picture. The larger picture must demonstrate;
– The influence of Cyber Security on customer trust and subsequently the growth and success of the organization
– The positive impact of Cyber Security for each employee in terms of enabling them to perform their jobs securely
– Finally, the indirect and positive influence of Cyber Security in their career growth
Organizations must take the effort to showcase the reward of positive Cyber Security behavior. The rewards are – growth for the organization and indirectly, growth for the employee.
Attitude is a preconceived opinion or approach. Often Cyber Security suffers because employees perceive security practices as obstacles that slows down work. Cyber Security practices increases the quantum of time and effort to everyday tasks. Therefore, the challenge is to remove this negative attitude around Cyber Security as an additional burden.
Again, the solution is in showing the larger picture as to how small steps by every employee helps in strengthening the Cyber Security posture of the organization. By consistently repeating and supporting this message, negative attitudes around Cyber Security can be removed.
Cyber Security actions are observable Cyber Security practices. By repeating these actions, the behavior becomes inculcated or second nature.