Habit 3: Good Habits are Cybersecurity


If you’ve implemented the two prior habits you can now start leaning into making sure that your team continues to form good habits.

At the end of the day, you are dealing with people. As many philosophers and stoics have pointed out, a person is essentially a collection of habits. That means good habits are cybersecurity. Without good habits, all of the systems in the world won’t make a difference.

I can’t tell you the number of times over my 15-year IT career in the silicon valley that I waltzed right into an office building, completely unannounced and in street clothes, sat down at someone else’s desk, and started using their workstation. Most of the time when someone did stop and ask who I was or what I was doing, I would simply say, “I’m IT”, at which point the person would lose interest and go freshen up their coffee.

Mind you, these were multi-billion dollar tech-based companies and were very proud of how good their cybersecurity was, which they routinely touted in their marketing campaigns.

Hype does NOT equal cybersecurity.

In many cases, I was there to troubleshoot an issue with an HR-related system that contained a ton of personal information, including social security numbers. I was able to access the system from a random workstation with little to no impediment and no credentials. In a lot of cases, all I had to do was look at a sticky note on the bottom of the monitor that had a login and password on it to gain access.

That’s absolutely bonkers. With even the most basic cybersecurity habits and just one suspicious employee that would not have been possible.

Time to Make Some Habits

Let’s talk about easy and cost-effective ways to go about implementing good cybersecurity habits.

Make a habit of spending a little time with your team on a monthly basis to discuss any pressing or relevant cybersecurity threats the business is faced with. That’s right, I’m asking you to start doing routine cybersecurity briefs with your team. They’re not all that bad. Remember, all meetings are better with snacks. We like popcorn.

You’ll free up a lot of mental energy to focus on other business challenges when you’re not worried about cybersecurity.

“Never let the future disturb you. You will meet it, if you have to, with the same weapons of reason which today arm you against the present.”

― Marcus Aurelius, Meditations

If you feel like you don’t have the time to do these meetings many companies now provide Security Awareness training. This includes a rotation of short video content, written content, and/or quizzes that you can send your users. The topics range from phishing to ransomware to identifying and escalating breaches. You can also track their progress to see if they’re engaging with the material.

Many of these systems allow you to simulate email phishing attacks and catch users with bad habits. This isn’t designed to get anyone in trouble. It’s designed to identify users who need better habits and email them relevant training material. It all happens routinely and in the background while you focus on running your business.

We like the Ironscales‘ Security Awareness program. It’s very inclusive, the content is easy to absorb. I like that it has a light look and feel to it, which will help keep your users engaged.


Remember, small changes to the way your business approaches cybersecurity will produce big results. Cybersecurity is all about good habits. Remember that it takes time to develop good habits. So be patient with yourself and your team.

We all know at least one person who has been the victim of identity theft. It might have even been you. People are becoming far more aware of cybersecurity, but they have no idea where to begin. You have an opportunity to guide people to better personal cybersecurity, and it will make your business’s cybersecurity stronger as well.

People who feel a bond or connection with the business they work for produce more, period. If you approach cybersecurity with the right attitude and energy, you can change it from a pain point to a positive team building experience.

We sincerely hope this information was helpful and contributes to keeping your business, employees, and yourself safe from cybersecurity threats. If you have any questions, get in touch with IT Ninjas, we’ll be happy to answer them. Be safe out there!

Was there a specific cybersecurity topic that you would like addressed? Leave us a note in the comments and we’ll do our best to dive into the topics you all want to hear about.

Leave a Comment