What is Security Culture?
Security Culture is a set of practices and a mindset that is designed to help keep the security of a group or organization.
Why is Security Culture Needed?
With the evolution of the computers, the internet, cloud computing, online backups, cell phones, cameras, etc., we now live in a surveillance state like never before. Many of the Sci-Fi type big brother type surveillance is now a reality.
Examples:
Target knows when you are about to give birth.
Facebook knows when you are about to enter a relationship.
Maintaining a security culture is now critical for the function of any organization.
Having a security culture will help for security of an organization’s customer and member data, help keep private communications of the organization private, keep the organization safe from any outside entities that would work against the organization.
Without being able to have a reasonable expectation of security within an organization, the organization will not be able to effectively achieve its goals.
- Keep information on a need to know basis.
- Do not talk about private things within the organizations with people outside the organization.
- Within the organization, any sensitive information should only be shared with people who are directly involved.
- Avoid posting any sensitive information on Social Media.
- Use tools that promote secure communications.
- Use unencrypted communications only for information that are available publicly or ok to be available publicly. This includes text messages, email, Facebook messenger etc.
- Understand that if you use any tools that store data on other company’s servers, that the company may be able to read the data and sell the data. Your data may not be 100% owned by you, and the companies may not have your best interest in mind. This includes Facebook, Gmail, outlook.com.
Example: Microsoft defends right to read users email - Whenever possible use 2 factor authentication. (Using 2 separate methods of authentication. For instance when you enter in your password and then click on a link texted to you)
- For mass collaboration we have found Slack to provide a great balance of security and ease of access.
- Use an end to end encryption application like Signal for very sensitive information.
- If possible for the absolute most sensitive information, communicate directly in person and leave no digital copy of the conversation.
- Passwords
- Do not reuse passwords.
- Do not use security questions where the answers can be easily researched.
- Change your passwords in a regular basis.
- If needed use a password manager to keep track of your passwords.
- People are always the weakest point of security
- The most common hacks are not from computer hacking but from weak security practices and attackers being able to just log straight into a system as someone else.
- Be aware of your surroundings, and who you share information to.
- Do not share your security information with anyone