Tips for Intercultural IT Security

• Campaigns for maximal security awareness individually adapted to other cultures
• Strategies for the human factor increase IT security at locations worldwide
• Human behavior can jeopardize IT security at company locations at home and abroad

To reduce the possible risks, it is important to create a high level of awareness for cyber dangers everywhere: Staff should, if possible, never open attachments in emails from unknown senders or be persuaded to reveal sensitive data as a result of social engineering. “In order to sensitize your staff working abroad, it can be sensible to use different approaches to those that work at home,” says Angela Baudach, a cyber security staff member from DXC Technology. She recommends integrating and training staff individually and corresponding to their intercultural context.

Developing international strategies to develop the human factor for higher security

“An overall concept is necessary and constant communication which keeps the awareness level sustainably high,” Markus Schaffrin, Head of Member Services at eco – Association of the Internet Industry, confirms. “Because individual measures on their own only have a superficial impact on protection.” Staff need to be sure of how they should behave in normal operations, and how to react professionally during a security incident.

There are many possibilities for how to adapt the security strategy to the respective intercultural context in different countries. In the USA, for example, Baudach recommends emphasizing individual’s personal successes – for example, using a quiz where the best result wins a prize. In collective cultures in Asia and India, on the other hand, the group as a whole is in the foreground and is more important that the self-fulfillment of the individual. Here, group tasks are more likely to lead to the objective. And yet, especially in these countries, differences in communication make it difficult to measure success, because workers tend to answer all questions in the affirmative. It can also be very difficult for people from these cultures to admit to a mistake. “Some experience is needed to be able to hear where a ‘Yes’ might actually equate to a ‘No’, in order to plan where adjustments may be necessary,” says Baudach.

Strategically strengthen the IT security chain

In contrast, organizations in the Near East, for example in the United Arab Emirates, tend to be strictly hierarchically organized. “Here, clear instructions from the boss are effective. The staff will most probably subsequently act according to these instructions.” In addition to personally addressing staff, she recommends regular emails, posters and giveaways, or web-based training with Gamification approaches. “Companies need to integrate these elements into a holistic security strategy, which involves staff and takes account of intercultural differences and communication characteristics,” Baudach summarizes. “That keeps the awareness level high in the long term and transforms people from a security risk to a security factor for IT security.”

Visitors to the Internet Security Days 2017 on 28 and 29 September 2017 can learn more on the topic of intercultural IT security. Alongside Angela Baudach, numerous experts will be speaking about the human factor in IT security.

Further information on the Agenda of the ISD 2017 can be found here (German only): isd.eco.de/agenda-2/agenda-2017/agenda-2017-donnerstag.html