Most successful and respected businesses establish a culture setting the expectations for shared attitudes, values, goals, and practices on how a company's management expects (and insists) its leaders, employees, and partners represent the company.
For example, we often hear a company “has a culture focused on the bottom line” or “focused on a culture of collaboration, cooperation and constant search for improvement.” Mission statements often contain elements of a company’s cultural goals and objectives. A core part of culture is an expectation of behavior and those expectations being practiced, measured, and upheld. In leasing, tenant and resident services, investor relations, etc. we expect the company to act and serve based on cultural values established from the top.
While many companies have established cultural expectations for financial integrity, personal conduct, ethical behavior, and fiduciary responsibility, the same expectations need to be established for cyber awareness, resilience, and behavior.
Company culture stems from cultivating the entire organization's skills, knowledge, and experience. The elements of a desired culture are nurtured through training, consistent corrective action for undesired behavior, and positive reinforcement of desired behavior.
Establishing a culture of cyber security should follow the same practices. Further, cyber culture is not solely Information Technology, Information Services or simply said, “A Computer Person Thing.” It is the entire organization’s responsibility to develop and maintain a culture of cyber security. That is no different than establishing a financial, operational, or overall corporate culture. Cyber culture should be another piece of corporate culture.
Leadership, training, testing, assessment, and enforcement all need to be established to promote a solid culture of cyber security. Leaders need to participate in developing cyber initiatives and set the expected outcomes from those initiatives. Leaders need to train, be tested, be assessed, and be held accountable through enforcement no different than employees and partners. Results of cyber testing need to be a portion of the employee review process and included in employee improvement programs.
Building a cyber culture is ground-up and top-down. It is not a one-time event but a continuous process that has proper investment and commitment from management. There are immediate steps that management can take to foster a culture of cyber security. The first step towards this goal is to engage and empower your employees, who are your primary defense against cyber threats.
To take the next step towards creating a culture of cyber security, reach out to us at info@5qcloud.com. If you’d like to learn more about 5Q’s full suite of cyber security services for commercial real estate organizations, visit 5qcyber.com.
Comentários