The corporate culture of an organization has a huge impact on the success of your information security plan. It can help build a strong defense or make it weak and filled with vulnerabilities.
The reason for this influence is that leadership determines what is acceptable when it comes to using BYOD and PCs, as well as deciding what steps need to be taken for the physical protection of data.
The challenges to information security best practices and corporate culture come from at least three factors: level of threat perceived, location, and lack of cooperation and communication between executives and IT leadership.
Organizations that perceive information security threats at a higher level are those institutions, such as financial ones, that do business with obvious sensitive data and imminent loss if breach were to occur. One could say that the perspective of a bank executive, for example, is geared in ‘theft mode’; keeping their assets safe is their top concern. If bank information is leaked or their facility’s network breached, they not only risk identity theft for their customers, but they also literally risk being robbed. The bank will face immediate consequences and loss of business. However, a university, for example, may not feel as threatened if their students’ registration forms get hacked. Why? Because the university isn’t thinking about how the data stolen could lead to financial or identity theft; their perspective is not ‘theft mode’.
Is the company in a small town or a city? Does everyone trust one another or is there always reason to be weary of others? For as silly as this may sound, where the company is and what the home town culture is, has a huge impact on what the corporate culture will perceive necessary for a top information security plan. The mindset of individuals, executives or not, changes based on the level of awareness and threat present in their lives on a daily basis. After all, humans are creatures of habit, aren’t they?
Cooperation and Communication
While threat perception and location vary from person to person, this particular corporate culture information security challenge is most important. It’s important because if effectively implemented, it can solve the two former challenges. Due to businesses being operated by individuals, it is only normal that they each have their separate areas of expertise, responsibilities, and perspectives when it comes to information security needs. However, it is no secret that the best professionals to ask and look to when it comes to keeping data secure, is IT leadership. For companies to be able and establish an effective information security plan and execution cooperation and communication need to be present. CIOs need to have the opportunity to address network vulnerabilities and physical security issues with leadership without fearing they will be blamed for not doing a good job. Executives need to feel free to ask questions and share their concerns regarding information security best practices without feeling they should already know.
A corporate culture with cooperation and fluid communication between executives and IT leadership eliminates the subjective information security perspectives that corporate culture can hold (threat perception and location). Furthermore, it gives room to awareness and objectivity; knowing when additional help and resources are needed, such as working with an external team of information security professionals, to ensure the CIO and the IT teams can build a strong security plan.
What challenges does your organization face when it comes to information security and corporate culture synergy?
Photo Courtesy of lumaxart