At the organisation level, human cyber security comes into play in many ways. It is clear that humans are affected by cyber security, but also that they have a strong ability to affect cyber security themselves. Therefore, the security of an organisation is not just reliant on its physical and technical defences against cyber criminals, but is also reliant upon the people that make up the company as a whole.
Those within a company or organisation must first be aware of cyber security and their role in the protection of themselves and the company. Awareness-raising is necessary, because until people understand cyber security and the reasons for its necessity, good practice will be unlikely. Empowering staff with the ability to recognise things such as scams and social engineering techniques is vital in decreasing threat levels. On top of this, employees must be aware of the policies a company has in terms of its cyber security. Without an understanding of what measures are in place and why, people cannot be expected to perform good cyber security.
Much of the way in which those within an organisation carry themselves in terms of security is dependent on how the company as a whole handles the issue. If there is a perceived nonchalance surrounding cyber security, then a weak cyber security culture is created and the cycle of bad practice perpetuates. The people in charge of cyber security have a role to play in teaching and motivating good practice throughout a company in any way they can.
Through an understanding of cyber security and how to stay vigilant against attacks, those within an organisation will be much better equipped to protect the company and themselves. If the work environment encourages good practice, then it is much more likely that this will be achieved.