Cyber Security from the Inside Out: communicating your employees’ roles in maintaining cyber safety
Make sure your bag is zipped up on public transport. Don’t carry important items in your coat pocket. Don’t leave valuables in the front seat of your parked vehicle.
These are rules most of us abide by without consideration. Yet when we open a new online account and are prompted to choose a strong password, millions of us use one of the passwords from NordPass's 'worst passwords of 2020' list, like 123456 or password.
We all know what cyber crime is, and the importance of cyber security and safety. But despite cyber crime being on the rise in an increasingly digital world, its intangible nature appears to make it much less of a priority than our physical safety.
Here at Inside Out, we help organisations talk to their people about the importance of being cyber safe. Our new blog series, Cyber Security from the Inside Out, will share some of the insights and hints we’ve picked up along the way, and will hopefully help you start the important cyber safety conversation in your organisation.
How do you communicate the importance of cyber safety with your people?
First, the good news: it’s pretty easy to talk about cyber safety. We’ve broken down the process into a few key areas to help you find ways to insert the topic into different parts of your business-as-usual activities.
And now the bad news: cyber safety is not a set-and-forget subject. You need to persistently talk about it, educate yourself and your people as things change, and find new and interesting ways to keep their attention.
We’ll share more about that in future blogs, but for now, let’s look at four foolproof tips that you can implement today to start your cyber safety conversation.
1. Make cyber safety an essential part of the business
Workplace cyber security training is at best a once-a-year exercise. During this long gap, not only will your employees forget and disengage from the topic, but cyber criminals and cyber threats will have evolved and become that much more nuanced. This, combined with unaware employees, makes many organisations increasingly susceptible to cyber attacks.
Try to incorporate more frequent discussions about cyber security into your day-to-day business activities. They do not need to be extensive training days. Instead, think ‘little and often’ and use tactics that will work best in your organisation.
2. Cyber safety is everyone’s responsibility
As an individual it’s easy to dismiss the importance of cyber security within the workplace. Isn’t it up to the IT team? Short story… no.
90% of cyber attacks are caused by human error, and this highlights the general lack of education and awareness around the topic.
The problem becomes even more evident when you overhear someone admitting that they use the same password for everything. Statistics show that 53% of people reuse passwords across different accounts. Over half of these people will actually reuse the password for 3-7 accounts, which often includes their work account.
This is a huge potential vulnerability, not only for the individual, but for your organisation.
Explain the role that your employees have to play in preventing cyber crime, and the possible results of cyber security breaches. Express the gravity of the situation in order to build a level of personal responsibility.
3. Keep the conversation going
It’s important that you keep talking about cyber security and don’t give up. Creating a sustainable cyber security communication strategy is a good start.
You need to find interesting ways to keep your people engaged and interested.
Talking about the impact on them personally is a particularly helpful technique, because it helps them understand what a phishing scam might do to their personal information or data. By cultivating good cyber practices in their personal lives, they will automatically transfer this diligence to their work lives.
4. Drop the jargon
In order to raise employee awareness, it is essential that you lose the jargon and use accessible language.
Your employees may be aware of the terms ‘phishing’ or ‘malware’, but start talking about a ‘DDoS attack’ and you may quickly lose your audience. Make sure to explain, in plain English, not only what these terms mean but also the impact they can have on individuals.
Here at Inside Out Communications Consulting, we specialise in communicating cyber security awareness in a way that makes sense and develops an understanding of the subject on a personal level.