The recent security incidents point what should by now be considered common sense: businesses who rely heavily on technology (and let’s face it, that makes most of us!) need to go a step further and make sure that their staff are trained on how to spot a possible cybersecurity threat.
If this is still not syncing for you, or perhaps the incidents seen by Wannacry didn’t scare you, perhaps this will:
Cybercriminals like to target SME’s. 43% of cyber attacks target small businesses.
Phishing attacks are the main avenue criminals use to implement ransomware and malware inside organisations.
Most of the security breaches are a result of careless decisions and lack of knowledge.
Even the best cyber security systems can’t protect you against naivety!
To avoid the threat of a breach, companies must convince their employees to adopt cybersecurity best practices, but even then, you can’t guarantee your employees will do what’s right.
So, how do you make sure that the message sticks with your employees?
To make sure cybersecurity becomes second nature to your people, you need to leverage education in a fun and encouraging environment, and teach your staff a sense of shared responsibility for the information they work with.
Nurturing and educating your staff about cyber security should be an ongoing strategy, driven by what we call in this post “campaigns”. Even small businesses can afford to educate their employees; an effective cybersecurity campaign doesn’t need to break the bank!
Here’s a basic guide on how you should approach your cyber security campaign to drive an effective adoption:
1. Don't try and scare your staff into it
To build an effective cyber security culture your aim should be to convince them into adopting it, not scare scare them. (Our next points give away our tips on how we make cyber security more enjoyable!)
2. Start small
Use a few short videos or infographics to generate awareness. You can also utlise posters or contests to ingrain the message and circulate them via email!
3. Keep it short
This point goes hand in hand with the "start small" idea. Don’t send out long emails on cybersecurity. This will end up being ignored by your staff. Keep it short and make it fun!
Here’s an example of an email we sent out to our subscribers, linking to our guide “Cybersecurity: Tips for Employees”:
4. Follow up with subsequent campaigns each quarter to keep the momentum going
Make sure to keep in touch with your staff by sending out the occasional phishing quiz, examples of phishing emails, or even the latest news on companies that have been impacted by a security attack.
This will help you keep IT security top of mind, and gauge the knowledge improvement needed around the office.
Here's a free phishing quiz you can send to your staff today!
Trying to change your staff behavior towards cyber security might seem daunting. Sometimes development comes in the form of small achievements, such as getting your people to appreciate the topic more seriously. If you can get them to this stage, then well done! You have made significant progress.
