Planting the seed for a security culture program 3/3

10/11/2017 By SIT Group Member

– by Melissa Misuraca

3 of 3

SIT Group member, Melissa Misuraca, continues her series of tips about obtaining the necessary support to move forward with a new security awareness program. Don’t forget to check back each week to collect the rest!


Last week, Melissa talked about building the business case for a security awareness program.  In this final week she she gives her final thoughts.

Celebrate your wins

Share stories about individuals or teams that demonstrate positive security culture behaviour and reward them. If someone has reported an incident or highlighted a risk, give them a virtual high five on your corporate social media platform or leave them a personalised desk note from the Cyber Security team thanking them for their efforts.

Flicking the switch

Thinking securely isn’t about recalling a set of security related facts.

It is about viewing the world in a particular way and flicking the security mindset ‘switch’. Ask staff what they want to see in a security culture program. We find focusing on the personal impacts of security such as social media, cyber bullying, online fraud, is an effective way to grab attention. You can then tailor the message and link to what security culture behaviours you want to see imbedded in the workplace.

Try and make it fun, whether that is by sharing quirky YouTube videos about security incidents or creating a cyber security mascot with some catchy slogans.  Stories can engage people in a topic they may not necessarily feel interested in.  And please, resit the urge to litter everything with pictures of padlocks, fish or hackers in hoodies (that’s so 1990’s!).

Final thoughts

Building a security culture doesn’t happen overnight. You will need patience and persistence to drive behavioural change. Sowing the seeds for a secure culture is about engaging with the right people, getting their support, and committing to a plan.

For more advice, read the simple tips from businesses with existing security culture programs here


Have you any thoughts or ideas you would like to share?  Why not join our community and help improve online safety across businesses in Australia?