Security News > 2021 > May > Cybersecurity: Don't blame employees—make them feel like part of the solution
Edmondson, who studies leadership, teaming and organizational learning, said in the article Psychological Safety and Information Security by Tom Geraghty, that she believes a lack of psychological safety results in a "Blame culture." Edmondson coined psychological safety and defines it as: "Where blame is not apportioned, but instead every mistake is treated as a learning opportunity, mistakes ultimately improve performance by providing opportunities to find the systemic causes of failure and implement measures for improvement."
Mimecast, a company providing cloud cybersecurity services for email, data and web, appears to have incorporated Edmondson's concept of psychological safety into its message to customers-in particular, how security awareness can reduce human error and the need to blame anyone.
"Some industries' top cybersecurity concern may be legal or HIPAA compliance-for another company, they may have dealt with targeted malware attacks. Keep training connected to the most relevant concerns employees are dealing with."
"Giving practical, relatable examples of how common cyberattacks, such as phishing scams, can impact people at any level of an organization will help keep employees aware that their role does make a difference. It may help to give examples of situations where a cyberattack can have an impact on a personal level, such as defrauding an employee out of money directly."
"Give employees the most important information on each subject in an easily digestible format that feels relevant to their work. By keeping the information as short and simple as possible, it will be much easier for employees to give it their full attention."
"The best security-awareness training tools will give employees the ability to test out of training." By tracking which employees fail and which ones respond appropriately, it becomes apparent who needs more training and who does not have to waste time learning what they already know.