Checklist 290: When and When Not to Be “That Person”
On this week’s Checklist, we discuss:
- Security at the office
- When using an AirTag goes wrong
The trouble with “not my job”
30% of employees do not think they personally play a role in maintaining their company’s cybersecurity posture…[and] only 39% of employees say they’re very likely to report a security incident, making it much more difficult for security teams to conduct investigation and remediation during a data breach.
This despite the fact that the organizations polled rated their security culture an 8.4 out of 10 on average! Clearly, there’s a communication breakdown among leaders, security teams, and rank-and-file employees. What can be done?
Kim Burton, head of trust and compliance at Tessian, the company that conducted the survey, suggests that companies focus on sending a clear message that security is everyone’s job:
Employees focus on what they perceive their role to be. If leadership treats security as separate from everyday work, if security is only spoken about during annual training time, people will do what matches with their perception of their job…
How to build a culture of security
In addition to better communication, Tessian suggests companies take the following steps to improve security:
- Get rid of scare tactics and punishment in security training. Focus on reward and positive reinforcement instead.
- Focus on employee health and wellbeing…because stressed and exhausted employees make bad cybersecurity decisions!
- Tailor your security training by role. Different teams have different jobs, challenges, and communication styles. The training that you give to sales and marketing people should not be the same one that you give to the engineers!
- Set clear goals and milestones. It’s hard to hit a target if you don’t know what you’re aiming at.
We’ll add a final piece of advice: Remember that it’s OK to be “that person” where security is concerned. If you listen to The Checklist, you’re more security-savvy than most. So share what you know with the team!
An AirTag doesn’t make you Batman
A recent story in Cult of Mac illustrates why it’s a bad idea to go after stolen property on your own — even if AirTag is telling you where to find it!
An AirTag user in New York had put an AirTag on his motor scooter…which was then stolen. He called the police (right!) and then tracked down the thief by himself (d’oh!).
Unfortunately, it didn’t end well for the man: The thief and a second individual assaulted him. The victim survived the incident, but ended up in the hospital — and acknowledges that it could have been much worse.
We’ve said it before, and we’ll say it again today as a reminder:
If one of your devices is stolen, and you locate it using Find My — or if an item is stolen and you track it with AirTag — please just call the police and let them handle it. It’s a bad idea to confront criminals on your own.