Your company has a culture. I’m not saying it speaks its own language or anything (though it could be argued that a few companies do!), but your company has its own set of customs, habits, and general behaviors shared by the people who it’s composed of. Maybe you have a cake at the beginning of the month to celebrate that month’s birthdays. Maybe everyone takes a coffee break at 2pm. No matter what small, insignificant little thing it is, these customs make up the human aspect of what makes your company tick.
However, ‘cultural inertia’, when it comes to cybersecurity, can be devastating.
What is cultural inertia?
Cultural inertia can be defined both as the desire to avoid cultural change or, alternatively, the desire for change to keep going once it has started. The term was coined specifically in studies of US immigrant culture, but its applications are much, much broader. Any type of culture can be effected by cultural inertia, and that includes your office culture.
Have your employees ever resisted change to long established policies? For instance, maybe you have never required badges to be worn in the office. When you change the policy, you receive pushback from the employees. They find it difficult to remember their badges or flat out refuse to wear them. In this case, your employees are experiencing cultural inertia, or the desire to avoid changes to the office norm.
How is this related to cybersecurity?
The phenomenon can be particularly damaging to changes in cybersecurity policies, especially among employees whose jobs are not inherently technical. A lack of understanding of cybersecurity’s importance and an inherent resentence to change can cause huge problems for the security of your infrastructure.
The obvious response to finding a security flaw in your network is to fix it, right? It’s all well and good if this happens behind the scenes, but you may have some trouble if it involves your staff. Changes in things such as password policies, folder/file permissions, and login authentication is likely to be met with opposition. Don’t worry, though – there’s no mutiny happening here! Studies show that older and more uniform organizational cultures have trouble adapting to change. It’s just a part of the human condition to feel most comfortable with what we already know, even if it’s not working. Your employees’ attitudes towards cybersecurity are no different.
How do we avoid it?
Sadly, there is no way around it; it’s going to happen. The only way forward is through. Even gradual changes are going to be difficult.
If you are to overcome cultural inertia, you will need the help of all your employees. Without constant lines of communication and willingness to hear them out, there’s no way they will learn to accept change. Each and every individual will have to come to the decision that this change is for the best. And while that sounds like a tall order, it’s made much smoother with comprehensive planning. Your changes must be planned, tested, and truly believed before they will be accepted. The only thing holding your business back… is you.