How Information Security Approach Affects Organizational Culture

Andrew Paull
Jul 17, 2019 1:00:00 PM

In this technological era where big data drives innovation and companies are expanding the boundaries of their offerings, workforce, and geographic locations through automation, it’s easy to lose sight of some of the more human aspects of organizational operations. Unless you’re a member of the software development or information technology (IT) community, more often than not information security is just viewed as one of those things in the white noise of industry that is someone else's problem to deal with…until it's not.

This is such a common perspective among non-technical workforces that many organizations have either completely outsourced their information security and IT responsibilities just for compliance sake, or they have hardly implemented any protections at all. This results in a workforce that is ignorant to potential threats and is thus more susceptible to attack. Conversely, organizations that have incorporated information security at the foundation of their existence, from the bottom to the top, tend to have workforces that are more aware, and even ever vigilant of potential threats and have so acquired the knowledge to combat them. The IT security culture of an organization direct results from of how information security is approached.

When we hear the word “culture”, we think of the way a group of people in the world perform ceremonies, develop laws, educate their youth, or deal with borders, neighbors, and external threats. The culture of an organization is not that different, and like the cultures of the world, is completely dependent on the leadership and knowledge passed down to subordinate groups. Organizational culture is not something that is developed overnight. It is built over a period of time, from influencers both internal and external. Like habit, it often takes a lot of effort and time to change what has been set in motion.

Let's face it, when a company has spent a long time grooming its product base and workforce solely through methods of convenience or efficiency, rather than security, personnel tend to get more than a little obtuse when sudden alterations to policy or procedures are mandated as a result of a compliance failure or in response to a security breach. This means a hastily implemented standard of operation that differs from what workforce members are used to. In addition to how employees may feel about being required to change the way they operate (probably not too happy), dealing with information security in a reactive manner rather than a proactive manner tends to bring to light deeper flaws in an organization's methodology which may neither be easy nor time effective to resolve. Sometimes responding reactively can turn into a one step forward, two steps back situation.

It is a rule of thumb that information security be incorporated in every phase of operations starting from the first day. Of course, this isn't always how things go, yet it is never too late to take a security approach moving forward. If an organization adopts information security practices at its inception, it is easier for the workforce and organization as a whole to adapt to changes in the security threat landscape and implement safeguards, train employees, and maintain secure operating functions. Setting security in the backseat without a harness will inevitably lead to a point of convergence where potential threats and business preparedness collide and the after-effects are grotesque. How operations are tailored has a direct effect on the overall culture of the workplace, the understanding of its workforce, and the values that the organization strives to meet. It's safe to say that the sooner an organization’s culture is adapted to an information security way of thinking, the better. Contact us today to learn more about the benefits of creating or enhancing a culture of information security within your organization!

You May Also Like

These Stories on Information Security

Subscribe by Email

No Comments Yet

Let us know what you think