Staff are your organization’s Achilles heel when it comes to cyber security.
One click is all it takes. Malicious software or an infected website link, and the company’s sensitive data and computer system are at risk. Small wonder that 32% of phishing, hacking and malware cyber security incidents are due to human error.
The old ‘it won’t happen to us’ defense is a thing of the past. When almost one in three organizations have experienced cyber-attacks, it’s a matter of ‘when’ – not ‘if’.
Security awareness campaigns are an essential tool to educate staff on the risks and instil the right behaviors. Get employee attention and protect your organization with these 12 ways to create an unmissable cyber security awareness campaign.
1. Focus on the “must-see” policies
Not everything can be a “must” – and not all “musts” are equal. Focus on the issues most likely to happen or those with the biggest risk. You need to decide what NOT to communicate. An effective employee security awareness program helps people understand key policies – not to know everything possible.
2. Connect to 'hot buttons’
Ask employees about the security issues and behaviors they see in their areas of work. If you’re already communicating and behaviors are not changing, ask staff why. This will help you to understand their motivation and connect to their “hot buttons”.
3. Use targeting to improve relevance
What information does each audience require? Are there high-risk areas that need additional or different types of security communication? Target messages to different audiences depending on the security issues the different audiences face.
4. Repeat key messages in multiple channels
Repackage key information into bite-sized pieces and reinforce messages through multiple channels. Repetition drives recall. It also allows you to communicate more effectively and with less impact on day-to-day operations. Maintain a library of security awareness resources to reuse as required.
5. Use senior leaders to help you
Sharing stories from the CEO and other senior leaders can make people feel comfortable. They can also communicate simple ways to report security issues. Use face-to-face or video messages to deliver information and convey emotion in this way.
6. Challenge beliefs of safety
Employees may underestimate the cyber threat. Raising awareness and risk management are an important aspect of a security awareness campaign. Consider that by 2020, the number of passwords used worldwide will grow to 300 billion. That’s a huge potential weakness hackers can exploit to gain access.
7. Include visual cues
Apply distinct colors to security messages to brand them according to priority. For example, red = urgent (such as a security breach), orange = warning (known phishing activity underway) and green = information (policy or process updates). This helps employees immediately identify the nature of the message and prepare them to act accordingly.
8. Use past security breaches as learning examples
Provide examples of real data breaches and other security incidents. Then “gamify” them by running employee quizzes of what should have been done in each situation. For longer campaigns, create leader boards and broadcast updates to keep energy levels and interest high.
9. WIIFM (What’s in it for me?)
Run campaigns showing employees how to protect themselves in their personal lives as well as professional. For example, how to protect their home computer, keep kids safe online, check for viruses etc. By engaging employees in the concept of cyber security, you can then broaden this to the wider organization.
10. Become a storyteller
Treat security message titles like headlines to grab attention. Summarize the body content into short, punchy and easy to digest formats. For maximum impact you need to engage people with messages and connect on an emotional level.
11. Emphasize the why
Engagement and behavior change increase when employees understand the reasons behind cyber security precautions. Before enforcing network security measures such as switching off HTML or removing auto complete on email, make sure to include the ‘why’ behind these restrictions.
12. Define behavior changes – and measure the impact
Clearly define the changes required as an outcome of any security awareness campaign. Use channel reporting and staff surveys to measure the impact, from readership levels to behavioral change. To best quantify results, collect benchmark data before launching the campaign.
Effective cyber security awareness campaigns educate staff, drive action and track results. The SnapComms multi-channel platform uniquely delivers these.
Raise awareness and promote key messages through dynamic screensavers and wallpaper – passive yet powerful. Get instant readership with high-impact alerts – cutting through workplace noise when time is of the essence. Build employee engagement using interactive surveys and quizzes.
See for yourself how SnapComms works for cyber security awareness campaigns.