I may work at an industry-leading tech company filled to the brim with nerds and data wizards, but me? I was a creative writing major. I spent my time in undergrad diagramming sentences, crafting character arcs, and writing sestinas ... for fun. I’ve always been semantically wired—picking up the crossword before the sudoku—so, it’s ironic that I landed a career in such a technical world.
When our kindergarten teachers asked us what we wanted to be when we grew up, how could any of us foresee a career in e-discovery? Personally, I don’t know any kids asking mom and dad about sentiment analysis and comprehensive AI. e-Discovery tends to find you.
Given the range of hard and soft skills this industry encompasses, it’s important to learn how to feel responsible and capable in this landscape. Even, and especially, when it feels unfamiliar.
In fact, I have to remind myself when weighty topics roll in—for example, when I’m overhearing big conversations surrounding security—that there’s danger in leaving the “techy” things to other people. Having blinders on doesn’t just stunt you on a personal level; it can negatively alter the ecosystem around you.
If your background and your current role aren’t especially technical (hello, fellow marketers!), it’s easy to think: “Cybersecurity? That’s someone else’s job.” I mean, come on—we have a security team! I’ll worry about grammatical errors, and they can handle our defenses against intellectual property exfiltration. Right?
Not quite. To achieve a thriving security culture, everyone needs to have a hand in the security of their organization and their data. In fact, it’s absolutely crucial that non-technical people care about and advocate for security culture. And what’s more? It’s damaging to be ignorant.
So, how do we, the not-so-technically-inclined, care about security in roles that feel removed from it? And how do we reframe the way we think about security?
What is a Security Culture?
It starts with an understanding of what a healthy, living, breathing security culture even looks like.
In its purest form, creating a security culture means taking the time to teach and promote, at all levels of a company, security itself: its foundations and its practices. Organizations that do this right—making it a recurring topic in early training—can prove to their employees early on why security matters. But let’s not forget why we’re here to begin with: you can and should take agency!
Staying curious on a personal level is the key to feeling capable and confident with security matters. After all, to understand our role in mitigating risk, we first have to know how to identify it. Every question, every deep dive, equips you to avoid potential risk and to be that much more prepared should you, God forbid, face an incident. In turn, this familiarity will keep security front-of-mind as you go forward into your workday, career, and life.
This kind of education surrounding security isn’t possible without a foundational set of protocols and standards. Chances are your organization upholds certain measures in areas like access control, data classification, incident response, and data handling. These pillars establish consistency, to keep all our rivers flowing in the same direction, and they’re not just abstract ideas for the leadership team to worry about.
You should genuinely care about knowing these, and more importantly, you should consistently follow them—because these standard protocols are actually the basic cybersecurity measures that offer you the power to mitigate cyber threats. Too many successful attacks simply exploit failures to observe basic measures like patching or using multi-factor authentication for logins. A harmonized standard of caring about those things acts as a sort of sealant, filling the gaps and binding the joints, to resist both leaks and intrusions.
Why Should Non-Technologists Care about Security Culture?
The reasons you should care about taking ownership of cybersecurity are plentiful, but the importance of a workplace culture of security is best summed up with one point: it’s personal. You provide your information to your employer, don't you? Somewhere among the billions of bytes of sensitive information, financial data, and social security numbers floating around in that data lake is your information.
Your personal deets out there in the great wide web! And since you’re trusting the security of your organization to protect it, investing and participating in your team’s security culture only strengthens that shield. Plus, putting good security habits into practice at work will make them feel more natural in your personal life—and bad actors can find your data either way, if you aren’t careful.
There are wider-reaching effects, too: your organization’s reputation, your job security. Need I remind you of messy things like legal consequences, financial penalties, and reputational damage?
Beyond just inducing fear, look at these risks as reminders of the ethical responsibility we hold as guardians of confidential data—ours, our families’, our customers’. To be frank, security breaches can ruin lives, and as members of a bigger organization, non-technical individuals have just as much of an ethical obligation to protect sensitive data and respect the privacy of customers, colleagues, and stakeholders, as the individuals building the software.
What Can We Do to Show We Care?
So, what can you and I do to actively participate in a culture of security—and show our communities our commitment to keeping their data safe?
What you begin by choosing to care about security culture continues by staying curious and informed: asking questions like “What are the latest security threats?” and then finding out. There are plenty of prominent, reputable sources, conferences, and experts we can follow along with. For example:
Plus, you can always subscribe to The Relativity Blog to receive new security lessons right in your inbox.
Be an Example
Understanding the landscape and its inevitable risks is a huge step in the right direction, and if you’re headed toward a safer future, why not take your peers with you? Whether it’s a small thing (like encouraging a coworker to close their laptop when stepping away from their desk), or a big thing (like starting a security initiative at your organization), adopting a security mindset can be contagious.
Just like we have a moral obligation to protect the privacy of our customers and colleagues, we are all obligated to report security incidents and act when tragedy strikes. Maybe this means you’re the first to notice a phishing attempt. Or maybe you’re not afraid of communicating and collaborating with IT and security teams when something suspicious occurs, even when you may not feel the most “equipped” to do something about it yourself.
Engage and Contribute
Fostering a culture of security could mean offering your specialized skills towards a project. You might assist with security assessments or audits, write security-centered articles, or advocate for necessary resources. It could mean giving of your time to join a security committee or group where you have the space to contribute ideas, share perspectives, and collaborate with other teams over security. It might even mean just talking about security more in general. Create a tone of open communication by sharing security-related content, articles, updates, and more. You never know what positive action sharing that post you saw might ignite.
By actively engaging in these ways, non-technical individuals can make meaningful contributions to security efforts and help create a more secure environment within our organizations.
Only You Can Prevent Security Breaches
If you’re not motivated to add “I can better the security of my company” to your list of daily affirmations to tell yourself in the mirror, at least know that your actions, no matter how small, carry big weight. Being uneducated or ignorant on the subject isn’t a valid excuse. You have a responsibility and an opportunity to maintain the health of security culture. Yes, you!