Technology and employees have much in common when it comes to cyber security. Kept updated they provide powerful protection. Left neglected or out of date, they put organizations at risk.
According to Cisco’s Annual Cybersecurity Report, more than one-third of organizations that experience a cyber breach lose customers, business opportunities and revenue.
All Information Security Managers agree on the importance of updating security protocols and firewalls. But what about employees? Are they also kept informed and up to date?
Phishing scams, malware and other tactics exploit remote workers’ weaknesses. 90% of all cyber security attacks begin with human error.
Effective employee communication is essential. The consequences of ineffective communication, resulting in misunderstanding cyber risks, could be disastrous. Cyber security professionals must use the right channels for the right audience at the right time.
The following cyber security templates provide best practice examples of how messaging can be used to improve your organization’s cybersecurity protection. These can all then be used as part of a cyber security campaign.
The number of security breaches is on the rise. In the healthcare sector alone, 360 data breaches occurred in the first half of 2021. This is a 33% increase on the same period in 2020, exposing the data of nearly 23 million patients.
Staff must be notified immediately in the event of a security incident. Every second is critical in resolving the situation and minimizing the fallout. Clear systems must be in place to reach everyone in the organization, whether desk-based staff, remote workers or contractors.
Use for: Alerting staff immediately to the incident. Getting their attention, regardless of what else they’re working on, is essential.
Having pre-built message templates ready to go allows you to message staff with the click of a button. Time spent creating messages and seeking approvals in the heat of the moment is wasted time for your response team.
Cyber security promotion can’t be a ‘one and done’ exercise. Employees need repeated exposure to information, and a combination of complementary communication channels in order to absorb it.
Regular reinforcement of key messages improves employee adoption. Acting correctly becomes second nature. It also ensures that when a cyber-attack occurs, employees are much more likely to read, understand and act upon your messages.
Use for: Improving employee behavior around cyber security processes. Reinforcing key themes from raining or the latest policy changes.
Display channels such as corporate screensavers can be transformed into powerful promotional tools for your InfoSec awareness campaigns. Remind staff of steps to follow in a phishing attack. Direct them to your intranet for the latest information and policies.
Power to the People: Expert advice and InfoSec quarterly communication plan
Download our guide to building a strong security culture
Education and Training
One-quarter of employees confessed to clicking on links in a phishing email at work. That’s a stat sure to make every Information Security professional sweat. Every click could be catastrophic.
Regular training sessions keep employees abreast of emerging cyber security threats and examples of security failures. Subjects could include technology use, password management, data handling procedures, incident response plans and social engineering techniques.
“User education is one of the top things you’ve got to get right to protect yourself.” That’s according to the Service Operations Manager for a major UK healthcare provider. But training is only effective if staff attend and engage.
Use for: Improving training effectiveness. Increasing relevance by simulating the unique threats different teams face so that scenarios are more relatable.
Use online quizzes to test employees on what they’ve learned. This identifies knowledge gaps where further training is required.
Best channel: Online Quiz
“Information security is the responsibility of every single person in the organization.” That’s the belief of Angela Henry, Information Security Operations Head for a leading South African bank.
The virtual workforces so common today increase an organization’s risk profile. Staff working remotely are more likely to click on phishing emails because they’re distracted by activities unrelated to work.
A cybersecurity communication plan ensures employees understand their role in keeping the organization safe and comply with security requirements.
Use for: Ensuring staff acknowledge cyber security policies and agree to comply with them.
Include a mandatory ‘I accept’ button in all policy update messages to staff. Send the messages to employees repeatedly until everyone clicks to acknowledge acceptance.
Best channel: Compliance Alert
Download Cyber Security Guide
Now that you know some of the cyber security notification templates available, the next step is to put them into practice.
Our handy guide takes you through how to use these in an effective cybersecurity awareness campaign. Download it free now.