Lancaster University Management School - 54 Degrees Issue 18

This creates an organisation that is robust and resilient in the face of digital threats. Organisational change starts from the top. Senior leaders must first model the behaviours they want to see. If a director cuts corners, switching off two-factor authentication, for example, then it is tough to motivate colleagues to do otherwise. Colleagues also need to know how to combat common threats through regular and sustained awareness raising, training, and an environment where cyber security is regularly discussed. Leaders must then win hearts and minds. Staff need to care about good cybersecurity. They have to know it is vital to the future of the business. After that, it is time for leaders to let go a little. It sounds contradictory, but owners and directors must listen when colleagues raise issues or suggestions about how measures will work and trust them to find the right solution. Whether it is a cleaning company, a football club, a global food corporation, or a gin distillery, the approach is the same. A positive culture of security will grow when all staff, from the CEO to the groundskeeper, embrace their vital role in minimising the likelihood of an attack. It is not simply about giving staff a checklist. It is about infusing an awareness and appreciation of the issue into every aspect of the business. In this sense, employees are not repeating actions they have learned by rote. Rather, they become the vigilant eyes and ears of the company, constantly alert to the risk of both a malicious attack and the all-too-easy human errors, like the ‘reply all’ email, that can result in a breach. It is important not to be daunted by the task of implementing more or new cybersecurity measures, whether they are technical or people-based. Business leaders confront challenges of this nature daily. Cybersecurity is simply another application of their ability to innovate, act decisively and bring people with them. By shifting the internal culture, cyber security no longer needs to induce fear or dread in teams, and they will start to realise tangible benefits they will want to shout about to customers. FIFTY FOUR DEGREES | 53 Dr Robyn Remke is a Lecturer in the Department of Entrepreneurship and Strategy, and Co-Director of the Cyber Security Executive MBA. Her research expertise lies in organisational leadership, culture, and behaviour change. r.remke@lancaster.ac.uk

RkJQdWJsaXNoZXIy NTI5NzM=