1.

Across all sectors, nearly every organization today depends on secure information technology
system and computer networks for essential operations. When it comes to data security, it is
widely accepted fact that humans are the weakest link. Unlike computers, which do what they
are programmed to do and nothing more, humans are careless, curious, accident prone and in
some case, mischievous. No matter how much you spend on your security infrastructure, it will
not do a bit of good if the people you employ are not using it correctly. That is why it is more
critical than ever to have a culture of security. To reduce cybercrime, it is necessary to give
awareness to all employees that why security protocols are necessary for organizations. There
are many ways to give information to employees about security. For maximum effectiveness,
various training should be organized in to into a comprehensive security awareness training
program involving everything from IT best practices to the company’s security policy and even
regulatory compliance. In training program provide best example cybercrime for to employees
so they can understand why their importance. For example, A recent survey by Avast revealed
that 83% of Americans use weak passwords, meaning that a large portion of the country’s
private information is within arm’s reach of a hacker. To improving awareness, many
researchers advocate for increased face-to-face contact between departments to help increase
positive feelings. Small meetings between security staff and employees are viewed as
particularly efficient. Additionally, company leadership should work to improve a sense of unity
and identity among all departments and groups. However, there is evidence that simply being
aware of cybersecurity best practices is not enough to create behavioral change, attitudinal
change is required as well.

2. There are certain ways to give good amount of knowledge and encourage user to participate in
security measurements. Employees should be taught to spot common malware attacks and
report possible security threats as soon as they encounter them. As part of the training
program, mock cyber-attack simulations can be used to reinforce good behavior and test which
employees have already reached the desired level of security awareness, give good amount of
knowledge between strong and weak password. If an employee makes a mistake, they let the
security team know and take the necessary actions to correct their misstep. Employees do not
share passwords, door codes, keycards, or other assets because they recognize how easily they
could fall into the wrong hands. Security team should create friendly environment, so No one
feels they are above cybersecurity rules, regardless of duties or seniority. Be sure to reward the
teams and individuals who are supporting a culture of security. By adopting these methods into
the culture, every team member will know what is expected and cyber security will become
second nature.

Nahla Davies: https://cybersecurity.att.com/blogs/security-essentials/building-security-culture-how-

organizations-can-improve-cybersecurity

Chapple, M. (2021). Access Control, Authentication, and Public Key Infrastructure (3rd ed.). Jones &
Bartlett Publishers.