Risky behaviours

Looking at the above, can cybersecurity experts honestly say they are doing as much as they can to keep their businesses safe? Again, the results are rather concerning as over half (55%) of cybersecurity professionals have admitted to engaging in risky cybersecurity behaviours at work. 

Given security professionals are meant to be the beacon for all things security for a business, it is severely disappointing that so many have engaged in poor security behaviour. It does, however, prove that every individual, regardless of their profession, should be training to improve security awareness.

This means security awareness education should be provided company-wide on a regular basis but the stats show that half of cybersecurity professionals admitted that their organisations only conduct training once a year or once a quarter. 

The objective should be to build and foster an environment where a security culture grows that curates a human defence layer for the organisations. Understand that each individual within a company is seen as a weak point that can be exploited by cybercriminals therefore, the objective should be educating the entire workforce on security best habits to reduce the likelihood of them engaging in risky behaviour. 

If you are unsure what risk behaviour consists of, here are 10 risky behaviours outlined with the most common being engaging with malicious links, illegally streaming on devices and removing information from the company network without proper authorisation.

Importance of security culture 

Creating a security culture is necessary for every organisation, department and employee, regardless of their position, in order to reduce the threat of cyberattacks being successful. To do this effectively, security awareness training must go beyond the surface level of security habits. Of course, inform employees about modern threats but also provide them with the knowledge to detect a potential threat and equip them with the right technological defences to respond. 

Furthermore, changing the attitudes, behaviours, perceptions of responsibility and overall organisational norms is a major hurdle that must be overcome. A transformation is required but this can only be achieved by integrating security best practices seamlessly into everyday working life, including processes and operations within the company so that it becomes second nature.

Some may consider this to be too time consuming or a waste of resources but continuous security awareness training has proved to be successful in achieving results. Organisations can continue to support the development of a strong security culture with a new technological method that has recently come to light: automated real-time security coaching. The training will identify and respond to threats because of human activity (phishing and social engineering threats) instantly at the moment risky behaviour is displayed.

This layered approach complements traditional security awareness training and encourages users to learn about security best practices and how to stay safe online which can be applied in both their personal and work environments. In doing so, the security behaviour of the entire workforce will improve. 

In the broader context, prioritising cybersecurity is crucial for all aspects of the organisation, encompassing every department and employee. Achieving this goal effectively promotes increased awareness among users, cultivating a mindset that emphasises appropriate response to potential threats. This proactive approach will benefit the organisation in the long run and help reduce the likelihood of employees carrying out poor cybersecurity habits.