One of my first introductions to cybersecurity came when I was eighteen. Someone had stolen my identity, and it took months to get all the issues resolved. More recently, my brother—also an IT Security professional—stopped a scammer who used his social media information to try to take advantage of our grandfather.
I’ve fallen in love with security over the years because of how interesting it is and how much it constantly changes. You touch every facet of technology, not only to secure yourself and your company, but also to enable technology across the business. But my experience is also personal. I understand the difficulties an individual faces when they’re exposed to a cybersecurity threat, and I know why awareness and embracing a cybersecurity culture are critical to keeping Walmart associates’ and customers’ information safe. It isn’t easy, but here are five guiding principles for fostering a cybersecurity culture.
1. Security is everyone’s responsibility.
Security can have all of the best controls in place, but an individual can make one mistake and that can be the opportunity for a bad actor to get in. Each person has to understand their role in security and apply it.
2. Security isn’t just for work.
If you’re focused on security at home, we believe you’re going to bring it into work. The threat to your family and home is just as real as it is at a company. The saying, “It’s not if it happens, but when it happens,” is just as relevant when discussing cyber threats. Each and every day, individuals face threats at home. Whether it is clickbait, scams, phishing attempts or a virus infection, we have to be prepared and safeguard ourselves. Staying educated and proactive is what will reduce the risk to someone’s family, home and company.
3. Constant focus on awareness.
We try not to flood associates with too many topics; the more you layer on, the more difficult it is to keep it all straight. We identify key topics and we have an awareness program to reinforce the most important messages.
4. Culture requires Ambassadors.
To advertise security across a large company, we launched our Security Ambassador program last year. Associates from various teams across the organization receive a year’s worth of security training. The purpose of the program is to embed ambassadors throughout the organization to grow the security culture and knowledge.
5. Keep it interesting and fun.
Security is a really interesting topic, but it can be scary at the same time. We try to make a personal connection with individuals about security topics and make them aware of how the bad actors work. Our mission is to build campaigns, videos, games, roadshows and events that keep it fun, yet generate interest and care in applying security safeguards every day.
I recently went to a local high school to meet with one of my mentees. During our conversation, she asked about security and what I do. While discussing my role, I used an example about how certain phone apps can be a hole into your device. She had no idea; it scared her to know that someone could be harvesting her information or using her camera to watch her without her knowledge. We talked about best practices, but it clearly opened her eyes to cybersecurity.
In summary, nobody wants to be affected by a security threat, so it’s really important to foster a culture of security. To defeat the bad guy, that’s what it will take: exposing the bad and replacing it with good behaviors.