Tips for Creating a Secure Culture

Posted on: in [ cybersecurity, education, HME, safety, training, VGM Secure ]

The biggest mistake companies make with cyber security is thinking that good cyber defenses can be accomplished through technology alone. Technology and software should be a big part of the defense, but hackers are no longer hacking technology; they hack people. Organizations need to make a serious investment in their employees if they truly want to be secure, and that means creating a secure culture. Here are three tips on how you can help create a culture of cyber security:


Tip #1 - A Security Culture Should Be Very Much Like TSA Culture

"If You See Something, Say Something." That is something we see and hear over and over again when we are traveling through an airport. There are security awareness messages everywhere, from the time you check in all the way through the terminal, via posters and overhead speaker announcements. Those messages have been ingrained in our heads to the point that as soon as people get to an airport, they become security focused.

That is the culture we must create when it comes to cyber security in the workplace. If you see something, say something. If you get a suspicious email, report it to your IT department; chances are you are not the only one who has received it. Keep your employees in the loop on the latest scams, phishing and ransomware attacks that have been happening. The more your employees know, the better defense they will be. Educate, educate and re-educate.

Tip #2 - Invest in Employee Awareness Training

Most of the time, the threat actually originates from within the organization, when employee ignorance and/or negligence opens the door for cybercriminals. Incorporating a cyber security awareness program for your employees is therefore critical. It is the most effective way to combat poor password practices, successful phishing attempts, and other cyber threats that put your business at risk.

Given that 91% of data breaches start with a phishing attack, if your employees are not prepared to identify and avoid these attacks, your risk of a breach or malware attack, such as ransomware, is greatly increased. In addition, many regulations and cyber insurance policies require awareness training. It's important to train employees before you have a data breach. Don't wait to react after the fact.

Tip #3 - Remember that Management Are Employees Too!

Companies can put in extensive effort and expend valuable resources in strengthening their security culture, but they will fail if there is not a strong and consistent tone delivered from the top. It is very important for a company's senior leadership to be an enthusiastic advocate of security goals and objectives. Management is also often a target for hackers because they have access to more company information, which means that the hacker can do more damage and the financial payoff can be much larger. So if management doesn't take cyber security seriously, there is a good chance they could fall for a hacker's tricks.


In conclusion, organizational cyber security culture depends not solely on the work of one person but on the contributions of all employees. By communicating security basics, having employees engage in interactive security awareness training, and having executives provide a consistent pro-security tone, you can create a well-rounded cyber security culture in which everyone has a stake. For more information on creating a secure culture and starting a security awareness program for your company, contact VGM Education at 866-227-8171 or email [email protected]