According to this post, it’s important to take an innovative approach when it comes to cyber security as conventional means (such as posters or one-time awareness training) do not change behavior. Further, the post suggests risk-mitigating behaviors must become automatic so they are not forgotten when people are absorbed in their roles.
Developing cybersecurity culture to influence employee behavior: A practice perspective
This paper identifies and explains five key initiatives that three Australian organizations have implemented to...