Each of us, nearly every day, makes some kind of transaction online. Whether it’s simply checking our email, doing a bit of shopping, or ordering takeout for dinner, we are sharing not only money but personal information about ourselves with myriad people, companies, and systems. To live this online existence, there is some manner of trust required. Trust that the information you're sharing will remain confidential, and that the companies you’re sharing it with will do everything they can to protect you and your data.
It can be scary and, frankly, overwhelming to think about. But awareness is the first step to protecting yourself and your information. Awareness is also a huge part of establishing a strong culture of trust and security within any organization.
I’ve learned this first-hand working at Salesforce, and witnessing how seriously we take trust (it’s our number one value, after all). From day one, Salesforce’s founders understood that the value of our products and services directly depends on how much our customers trust us to keep their information secure.
Why are We Talking About Culture?
At first glance, cybersecurity is often viewed solely as a technical issue, with purely technical solutions. Install antivirus software and you're golden, right? Not necessarily. While technical solutions are some of the easiest to enable — because they can decrease opportunities for a user to do something unsafe — there is no one-size-fits-all technology that can account for all human decisions or actions.
Whether we’re talking about a global corporation or a single-family home, a multi-layered approach to security, one that takes into account the complexities of human behavior is often much more successful. Why is this the case? Well, while humans have the ability to reason, we are complicated creatures and may not always act in our own best interest, or the best interest of our organizations. Let’s just say “life happens”. We are not machines and shouldn’t be asked to behave as such. That’s where culture comes into play.
When it comes to big business, there’s the oft-quoted idea that “culture eats strategy for breakfast”, which is true in many regards. It doesn’t mean that strategy isn’t important, but without culture, strategy doesn’t usually go very far. However, “culture” doesn’t mean much if we don’t actively seek to define, understand, and question the values behind it. After all, the cultures we participate in also become a part of our individual identities.
At Salesforce, we strive to build a trust-first culture that encourages positive security behaviors and decision-making through a lens that ranks trust above all else. We consider our employees to be a critical line of defense in protecting and securing our company and customers’ data, making security awareness, engagement, and education indispensable.
What Does Trust Look Like Every Day?
One of the key things we do on the Security Awareness team at Salesforce is to reinforce our value of trust when we are asking anyone to make a change, or behave in a way that promotes security. That means not only pointing out behaviors that make a difference but asking each of us to consider how we can build trust.
Often, this boils down to being more mindful and taking a moment to ask ourselves the question, “Is what I’m doing trustworthy?” And then applying it to everyday actions such as:
- Taking a second before you hit send to make sure you are sending the right info to the right person
- Making time to audit your accounts and ensure you have MFA enabled
- Using a password manager and not repeating or sharing passwords
- Reporting scams and phishing to the right people, be it your phone or internet provider or your workplace incident response team
- Knowing what to do and who to contact if something does happen
- Being kind to yourself and preparing a plan to make it easier should something go wrong
One of the most important parts of establishing a culture of trust is knowing that we all make mistakes, but we’re not alone. Being trustworthy means there’s no shame in asking for help when something happens. It’s about what you can do, not what you can’t. Remember, we’re all in this together, and a culture is nothing without the people who identify themselves with it. A strong culture of trust can give us each a framework for meaning in our lives and decision making.
To learn more about the importance of trust and how to make good decisions online, check out the Cybersecurity Learning Hub, an initiative led by Salesforce with support from Fortinet, the Global Cyber Alliance and the World Economic Forum. This free online learning platform, including our Security Basics Trail, empowers everyone, and anyone, to skill up on cybersecurity.