Select Page

Why cybersecurity is a life skill

CYBSAFE-SebDB Webinar-preblog-221011MS-36

8 March 2023

Mads Howard: Cybersecurity as a life skill

In this episode of the Behave podcast, Ben DonaldsonCommunity Engagement Manager at CybSafesits down with Mads Howard, People Centred Security Lead at Sage.

EPISODE 2

Cybersecurity as a life skill

They talk about what it means to lead a security team, the importance of culture within the team, and how to build a supportive team that knows why they do what they do. They also talk about how it’s your job as a security team to make cybersecurity relevant and engaging as it becomes an essential life skill.

Speakers:

Ben Donaldson Community Engagement Manager, CybSafe

Mads Howard People Centred Security Lead, Sage

Guest profile

Mads Howard is a director at Sage, a software company providing products to help with business flow.

Mads has been involved in cybersecurity for a number of years. Currently, she reports to the Director of Awareness, Security & Engagement. Her role is the first of its kind in the business, and she plays an integral role in maintaining the company’s security culture.

Connect with Mads on LinkedIn and Twitter.

Key takeaways

1. The importance of a cybersecurity team

One key benefit of hiring a dedicated security team is that your organization has experts with extensive experience defending it against specific threats and risks. These may include cloud application attacks, phishing, unmatched security vulnerabilities, and many more. 

“Because of my security team, I am able to do so much and lean on so many people and draw in on so many metrics and insights and different areas of the business because my security team are really on board with the work we are doing in this space.”

2. How to help people understand the importance of cybersecurity

Here’s a shocking statistic: Close to 90% of all cybersecurity risks are caused by human error. This is proof that even if you have highly secure infrastructure, you’re still vulnerable if you don’t help your employees understand the importance of cybersecurity.

“Getting that culture right within a security team, whether it’s that fluid transparency and communication . . . has been so beneficial to the way we have done things and run programs.”

3. Security exposure is key

Security exposure is all about trying to identify the security vulnerability of a system. These vulnerabilities could expose loopholes that hackers could use to access as well as manipulate confidential company data. This exposure also helps reveal potential security gaps and establish control before a breach.

“You are giving people the ability to have access to certain people within the business, and it makes them feel like an important part of the team and they get value from you as you get value from them.” Ben Donaldson says people on security teams are often seen as blockers, not enablers.

Changing that perception is essential as a company’s security team plays an integral role in protecting an organization from harmful external threats like hacks and data breaches.

4. Internal communication can make all the difference

According to Mads, organizations should create programs to improve communication. At Sage, she admires how security is preached in the business.

She recognizes that organizations with good communication have a significant reduction in expenses like liabilities, insurance, and other security expenses directed to the stakeholders. Internal communication is vital for informing the workforce on why cybersecurity is essential and should be taken seriously.

5. Changing the mindset on security should be a priority

Mads recognizes that a security team is traditionally seen as a compliance tool. Often, an organization’s cybersecurity team contacting you is viewed as getting in trouble for something. She says, “If you got an email from someone who’s from cyber risk, you instantly think, have I done something wrong? Am I in trouble?”

Instead of this negative perception, we should think of how the security team is helping make our organizations more secure during work operations and protecting crucial data. Besides this, security also creates situational awareness, pushing and motivating people to do the right thing.

Mads podcast episode

Top quotes from this episode

“If security is only speaking to you when they need you to do something, you will only ever have a certain opinion of security in a business. ”
“Those little anecdotes and stories that pitch security completely differently from how people traditionally see it, is really important for changing people’s behavior and also their minds towards security as a topic.”
“If the metrics are not helping you change or give them (security team) the support they need at the right time, getting those metrics is a pointless exercise.”
“First, you need to identify top human risk, then the behaviors that manage those risks, then engage and motivate your workforce and enable your workforce to change those behaviors.”
“It is important to be a little bit experimental with this (Organizational change) because there is not a clear set path of how things must be done and that varies with what industry you’re working in.”

For more human risk insights, listen to the next episode in the Behave podcast, or read the CybSafe blog.

behave podcast-meta cover-11-11-11-13
Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like

How to unlock CAM’s huge potential for behavior change

How to unlock CAM’s huge potential for behavior change

Cybersecurity Awareness Month is here. It’s the once-in-a-year opportunity where the spotlight shines bright on security. I wanted to take the opportunity to highlight some of the things CybSafe are doing to support organizations with their CAM initiatives, and call out the great work done by the...