The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP, CIPP/US is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Does A Bad Corporate Culture Equal A Bad Cyber Security Culture?

See Article Here

October is Cyber Security Awareness Month and every year I hear how impossible it is to patch the human firewall, the human being is the weakest link, etc. and I was reading the attached article and it dawned on me. I read somewhere that most employees are unhappy, so I did some research and found a report published last year by Mind The Workplace about job satisfaction and it said that 71% of employees are either “actively looking for new job opportunities” or had the topic on their minds “always, often or sometimes.” 

It got me to thinking, if you have a bad corporate culture, with unhappy employees, they can simply care less about cyber security! Yes, even in October! The attached article states that only “34% of employees have a sound understanding of their role in their organizations’ security culture.” So that means 66% either don’t know or don’t care. The numbers track so I think I am on to something here. :-)

Corporate culture is of course a fickle thing, hard to grasp but one thing is for certain, your company culture is defined by your leadership. Educate leadership better on their responsibility in improving your cyber security culture, to set an example for employees. Also, if you can somehow weave cyber security into your efforts to improve your company culture then maybe movement can be made. And maybe people will begin to care.