Log in
Show password
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 


SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector news

Proofpoint : Why Building a Security Culture at Your Company Matters and How to Start

09/03/2021 | 10:22am EST

Cybersecurity is about more than technology and technical controls. While technical controls are certainly important, the heart of your cybersecurity strategy should be people-because it is how peoplebehave with emails, data and cloud applications that directly impact your organization's security posture.

Addressing the people aspect of cybersecurity is more critical than ever given today's threat landscape. Attackers continue to target people and commonly use social engineering as part of their attacks. Ransomware attacks often require a person to download a malicious attachment or give up their credentials to gain initial access to your organization. According to the latest Verizon Data Breach Report, 85% of data breaches involved a human element and 61% of breaches involved credentials.

People play a critical role in your organization's cybersecurity strategy (source: 2021 Verizon Data Breach Report)

Security Culture Drives Employee Behavior

A strong culture of cybersecurity can have an enormous impact on your security posture. Why? Culture drives behavior. For example, in parts of Asia slurping while eating is a sign that you're enjoying the food. However, in many European countries, eating loudly is considered rude and frowned upon.

A culture that values security shapes employee attitudes and behaviors. When your leaders and employees believe that cybersecurity is everyone's responsibility and not just IT's job, then they do things to keep the organization secure because it's valued and important. More importantly, your people and their security-aware behaviors become a strong line of defense.

How to Build a Security Culture in the Workplace

So, how do you go about building a culture of security within your organization? Here are some starting points to build a stronger culture of security:

  • Gain support from the top: While everyone in an organization affects security culture, executives and managers have a greater influence by the nature of their roles. Company leaders often set the tone for the rest of the organization. If the CEO regularly talks about cybersecurity and how it aligns with the organization's goals at every staff meeting and all-hands meeting, it sends a message that keeping the company's data and systems secure matters.
  • Identify desired security behaviors: If behaviors are a manifestation of culture, what security behaviors do you want to start seeing from your employees? Develop a defined number of key behaviors that are tangible to the employee. Some examples include: 'Think before you click,' or 'If it looks suspicious, report it.' Once you've identified the desired behaviors, provide clear pillars to build your security awareness training program around.
  • Make security awareness ongoing: A strong security culture doesn't happen overnight. It isn't created from a single event, like annual security awareness training. Building a strong culture for security takes sustained and consistent effort. If you're doing security awareness training once a year, consider shifting to shorter training delivered quarterly. Also look for internal communication vehicles (e.g., town halls, newsletters, company intranet) to engage your employees and drive behavior change.
  • Reward good security behavior: Celebrate when an employee demonstrates good security behavior. Recognizing and rewarding the desired security behavior creates positive reinforcement and encourages others to behave in the same way. Rewards don't have to be fancy or expensive. Have fun with the rewards. Some organizations give a fish trophy to the employee who reports the most suspicious messages in a quarter. Others give users who report a suspicious message a bag of goldfish crackers.

Security culture is an essential part of any organization's cybersecurity strategy. It can help create sustained behavior change that transforms your people from targets to a strong last line of defense.

To learn more about how you can build a strong cybersecurity culture for your organization, join us for our Art and Science of Building Security Culture virtual event series.


Proofpoint Inc. published this content on 03 September 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 03 September 2021 14:21:03 UTC.

ę Publicnow 2021
All news about PROOFPOINT, INC.
10/27Mimecast Considering Sale, Investment Among Strategic Options; Shares Rise 8% Late
10/18EXCLUSIVE : Email security software vendor Zix explores sale - sources
10/01PROOFPOINT : Named Best Overall Enterprise Email Security Solution Provider of the Year
09/14PROOFPOINT : How to Implement People-Centric DLP for Office 365
09/09PROOFPOINT : Countermeasures for Ransomware
09/08Proofpoint Announces Occurrence of Fundamental Change and Make-Whole Fundamental Change..
09/08ADVANCE FEE FRAUD : The Emergence of Elaborate Crypto Schemes
09/03PROOFPOINT : Why Building a Security Culture at Your Company Matters and How to Start
09/01PROOFPOINT, INC.(NASDAQGS : PFPT) dropped from S&P Software & Services Select Industry Ind..
09/01PROOFPOINT, INC.(NASDAQGS : PFPT) dropped from S&P Global BMI Index
More news
Analyst Recommendations on PROOFPOINT, INC.
More recommendations
Financials (USD)
Sales 2021 1 248 M - -
Net income 2021 - - -
Net Debt 2021 - - -
P/E ratio 2021 -
Yield 2021 -
Capitalization 10 160 M 10 160 M -
Capi. / Sales 2021 8,14x
Capi. / Sales 2022 6,92x
Nbr of Employees 3 658
Free-Float 96,0%
Duration : Period :
Proofpoint, Inc. Technical Analysis Chart | PFPT | US7434241037 | MarketScreener
Income Statement Evolution
Managers and Directors
Gary Leigh Steele Chairman & Chief Executive Officer
Paul R. Auvil Chief Financial & Accounting Officer
Marcel DePaolis Chief Technical Officer
Lyn Campbell SVP-Global Operations & Information Technology
Robert Darren Lee EVP, GM-Compliance & Digital Risk Business Unit
Sector and Competitors
1st jan.Capi. (M$)
PROOFPOINT, INC.28.95%10 160
ACCENTURE PLC38.36%228 799
SNOWFLAKE INC.10.52%104 650