Organizational culture plays a significant role in many facets of how businesses function, from how staff interact with each other and with customers, to the quality of products and services, to employee attitudes and longevity, to the safety and security of your IT systems and data.
Often overlooked, culture actively plays a significant role in safeguarding data against the rising threat posed by skilled hackers and adversaries, including those responsible for the proliferation of synthetic media impersonations, a.k.a., deepfakes.
Organizational culture is vital for successful threat detection, response and recovery. A strong culture can help mitigate the potentially damaging effects of deepfakes to your organization’s reputation and credibility. It’s the type of culture you have that will largely determine whether an attack fractures your company or drives a unified defense.
When employees are steeped in the organization’s security culture, they can become valuable assets. Confronted with a convincing deepfake of your CEO making offensive or controversial remarks, well-trained people will not immediately believe what they see, they’ll immediately question its veracity.
If employees feel comfortable about raising concerns, asking questions or seeking information without fear of reprisal or repercussions, they are more likely to inform the appropriate contact about a suspicious message or image. By teaching the importance of pausing for verification before acting, individuals will be less inclined to spread misinformation on social media. This starts with employees trusting the organization and its leaders to be transparent and fair.
Help employees develop critical thinking that instills a habit of verification and avoids fostering a passive culture where employees are susceptible to bad actors. To do this effectively:
■ Normalize the habit to “always verify before you share.” Make this a cultural expectation, not just an IT policy. Encourage employees to check sources, consider context and be alert to potential anomalies before reacting to sensational content.
■ Value evidence and context. Stress to employees that seeing isn’t believing. Encourage them to look for corroborating evidence, to consider the credibility of sources and to question whether content aligns with normal behavior.
■ Cultivate a continuous learning mindset. Position security awareness and digital literacy as more than just compliance checkboxes.
Deepfakes can spread like wildfire in these environments—but they’ll die a quick death when you actively cultivate healthy skepticism and verification habits among employees.
The goal of deepfakes is to destroy trust. That’s easy to do in an environment where employees already feel disenchanted because they’re primed to believe the worst.
When the culture is built on authentic trust and radical transparency, employees will have your back during a crisis. When senior leaders consistently act with integrity, they’re building a reservoir of goodwill that will help thwart attempts by adversaries to undermine trust.
This is especially true during times of uncertainty when trust is suddenly lurched forward and put to the test. When leaders communicate early and honestly during a crisis, admitting what they know, what they don’t know and the lessons learned in mitigating the incident, employee trust will be positively influenced and nurtured.
When organizations admit to their own flaws, freely sharing their mistakes, they create a climate that is more resilient to deepfake attacks because leadership will be viewed as honest and credible. Silence breeds suspicion and speculation. Transparency serves as an effective antidote to misinformation.
Employees need to understand that system and data security are the responsibility of everyone in the organization, not just the IT department or HR. A culture that supports unity, fostering a “we’re all in this together” mindset, will encourage active participation in identifying and reporting potential fraud and protect the company from harm.
Sustaining a strong cyber culture to successfully defend against cyberattacks is the responsibility of leadership, not a task to be outsourced to HR or a compliance officer.
Leaders set the stage by modeling the behaviors they want to see reflected, communicating transparently and admitting when they’re uncertain, or when they make errors for being human.
These efforts need to be a natural extension of the culture and its operations. Culture is a bona-fide security asset. Make sure you’re proactive in managing that asset through leadership development, communication training, trust-focused team building and embedding secure digital literacy into the organization.
Critical thinking and verification habits provide the tools employees need to discern truth from fabrication. Trust and transparency offer a lifeline of credibility during the storm. A sense of collective purpose ensures the organization will stand united against external threats.
