While cybersecurity is at the forefront of credit union concerns these days, it isn’t often that the threat is associated with company culture. But a new report about security and employees cautions that if internal measures are focused more on tools than culture, a financial institution could be overlooking a problem.
In a report in ThirdCertainty, Dan Velez, senior manager of insider threat at Forcepoint, said instead of looking to control devices such as USBs and mobiles, “companies should first and foremost ask whether their corporate cultures are inviting insiders’ malicious and risky behavior — or functioning to deter it as a first line of defense.”
Velez contends that when an organization’s culture creates opportunities for abuse, motivated employees may be more disposed to mine that organization’s data for a side business, copy records on behalf of a rival, or sell files to cyber criminals. He goes on to say security and data privacy risks always begin and end with business factors and people rather than technology.
Velez emphasized that transparency, ethics, and cybersecurity “go hand in hand. As complex as fighting myriad cyber risks can be across companies’ changing IT assets, too few decision-makers recognize the power of healthy leadership and corporate culture as a scalable, enterprise-wide defense.”
Read the full article at CU Today.