This advice has been collated by EMSOU and is intended for wider distribution within the East Midlands Region to raise awareness among businesses and the public.

Advice and information is changing daily as we navigate our way through the COVID- 19 pandemic, so please ensure you only take information from reputable sources. If you require any further information, assistance or guidance please contact the EMSOU Protect Team or your local Force protect team. For cybersecurity measures to truly work, a culture of cyber security must be cultivated within the organisation or sector as a whole. This blog will examine how you can create a culture of cyber security within your own business, from training staff to appropriate data protection measures.

What is a culture of cyber security?

In the aviation industry, where safety is the number one priority, the last thirty years have seen a radical cultural transformation. Unavoidable human error was rejected long ago, replacing this mind-set with a strong safety culture and a reliance on proven procedures. Little mistakes in aviation compound into huge problems.

This forced change in the aviation industry, driven by the need for customer safety and confidence, is paralleled in the business world of online activity. Customer security and confidence is vital for businesses and organisations to survive and prosper.

How do I establish this culture in my business?

In any organisation senior leaders must drive cyber security strategy, investment and culture to create operational resiliency. A culture of cyber security requires the senior leadership team (SLT) to:

· Invest in basic cyber security · Determine how dependant on IT business operations are · Approach cyber as a business risk · Lead development of cyber security policies · Build a network of trusted relationships to access timely threat information

Staff are first line defenders and must become security aware and vigilant. To achieve a culture of cyber security:

· Leverage training resources through professional associations, academic institutions, the private sector and government sources to teach security concepts, current threats and activities associated with best practices. · Disseminate ‘lessons learnt’ and the benefits of reporting events to maintain ongoing vigilance.