Employees are the first line of defense. Here’s how to convince them to get on board:
Last year, organizations were stung by email inbox-based scams that stole $263 million from U.S.-based companies, the equivalent of 200,000 American jobs! The war is on against cybercrime. And while firewalls and virus scanning software keep some of the baddies at bay, your best defense is your employees. Train them on the risks and impacts of security breaches to strengthen your position against cybercrime.
Teach security awareness with this communication strategy and turn your employees into a tough front line.
Changing behavior around security takes a lot of effort. You first need to appeal to each department in your organization. Consider the way they work, their culture and what has the biggest impact on them. Think about the different ways your message can be communicated so that it resonates with each group and is most effective for them. Tailor your training to focus on the biggest risks faced by each group for best results. For example, communications to your marketing department may focus more on security online, whereas when educating the finance department you may focus more on keeping their workstations secure.
Whatever method you use, ensure the key point of your message is clear. Focus on two main types of messages: Security Awareness and Behavior Change.
Security awareness messages can come in the form of a reminder to staff about phishing and to be aware of any suspicious emails. The aim of these messages is to communicate risks and increase awareness of them; this could be done with an interactive screensaver or digital signage. Behavior change messages, by contrast, focus on encouraging behavior such as changing passwords once a month or remembering to log out of computers at work. Use personalized examples and anecdotes that demonstrate the risks, the options, and the impacts of each option, and highlight the best action.
Integrate the new behavior changes into company culture and day-to-day activities. Give employees a place and time to voice their ideas, any queries or potential risks. This can be as simple as opening communication lines from employees to their line managers and from managers to security teams. For example, many companies promote direct communication to internal security teams by setting up hotlines and anonymous forms.
To start making a culture change around security, your messages need to be seen and get the full attention of your people. Engaging, visual and interactive communications that are in formats employees aren’t expecting (for example screensavers, quizzes and desktop alerts) will have the most impact. Staff are already being bombarded with all sorts of messages competing for their attention so your topics need to stand out, make an impact and make a change.
For your information to stick, your key messages need to be clear and repeated over time. Screensavers and posters can be re-used, and reminders can be set to encourage staff to frequently change passwords. Keep your campaign fresh. Update it regularly and keep it relevant, especially with new risks and threats and any other organizational changes. Changing visuals and messages will also make sure your messages don’t get ignored.
The best way to make a change is to get started! To achieve behavior and culture change around security in your organization, it’s important to understand that it won’t happen overnight. Integrate this strategy into your communication plan to help turn your staff into security awareness advocates and build your defense against security breaches.
To read more about fostering a security culture, download our whitepaper: How to Communicate Security Issues to Employees