Security is a core competency that every person should possess. This does not mean every person should be a security or cybersecurity expert. But, in light of the constant onslaught of cyberattacks against all of us, being able to ask the right questions and make the right decisions to protect yourself and your data is essential. The primary way to accomplish this is with a security mindset.
We define a security mindset as security thinking that is integrated into the flow of work. More concretely, and without using “security” in the definition, it is considering the risk to data from your actions and decisions in real time.
A security mindset goes beyond security awareness because a security mindset is actionable. Building a security mindset should be the goal of a security training program or security awareness program.
Building a security mindset is like building any other muscle. It’s a habit. A person can be conditioned to have a security mindset using the following strategies.
The key to conditioning any muscle is consistency. Regardless of the format of engagement on security topics, doing it on a regular, consistent basis matters a lot. When it comes to learning and retention, data shows that the more frequent, the better. We recommend weekly touchpoints to keep security top of mind.
When it comes to physical exercise, the number of repetitions varies with the workout. When it comes to conditioning a security mindset with security awareness training and engagement, repeating the same topics is a feature, not a bug. The topical priorities should be within the bucket of social engineering, as these account for the vast majority of “human errors” when it comes to security hygiene. Repeating these topics over and over is a good way to build security muscle.
There are multiple exercises for each muscle. Using a variety of techniques to condition your security muscle will only make it stronger. When it comes to security awareness training, there are multiple ways to engage users: phishing, regular short content, annual training, and announcements.
Exercising is not the only way to get and stay healthy. What you eat is a big part of that as well. A healthy diet supports exercise. Metaphorically, an employee with a security mindset needs support while in the flow of work. Connecting security knowledge into the tools and workflows helps support security thinking whenever and wherever employees work.
A body needs rest to recover from exercise. When it comes to security, users need support in the form of tools, apps, and services that make having a security mindset easier. This includes obvious and ubiquitous solutions such as firewalls, but it also includes less obvious things like making it simple and non-punitive to report security incidents and ask security questions.
We stretched the metaphor above to show that there are multiple ways to support employees in building and maintaining a security mindset. We’ve seen this as one of the most valuable skills to have for modern work.