Want a mind blowing statistic? In 2020, 90% of cyber security breaches were caused by human error.
Coincidentally, the average UK cyber security budget is around £645,000, and is increasing year by year. It’s clear that despite such investments the human element continues to be the biggest threat for businesses.
The issue is often that other than sitting an annual cyber security refresher course, most people don’t give cyber safety another thought. This is why keeping the conversation going around cyber safety is absolutely essential to building and maintaining cyber security awareness within your organisation.
As we continue our Cyber Security from the Inside Out series, we have summarised some techniques to help you create an ongoing dialogue about cyber safety with your people.
Visual content is vital
You may have heard the controversial statistic that our attention spans are dwindling - so much so that they are now shorter than that of a goldfish (8 seconds to be precise).
The good news is that our attention spans are actually task-dependent, but it is scientifically proven that we are visual creatures. In 2014, neuroscientists from the Massachusetts Institute of Technology found that the brain can identify images seen for as little as 13 milliseconds. We can actually process visual content 60,000 times faster than text.
Use this to your advantage - visuals such as images, posters or infographics are incredibly important to get your message across quickly and to make it stick. Think like a marketer whose product is cyber safety awareness: feed and ‘sell’ your content throughout the organisation. It’s a serious topic but that doesn’t mean you can’t have fun with it.
Keep visuals light and memorable. Something as simple as an angry cartoon character looking at a computer screen with the message ‘Opening an email from a new contact? Stop and think’ can be more effective than a lengthy email about watching out for phishing scams.
Create a series of these - repetition leads to memory which creates awareness. Distribute them around your workplace, on your intranet, or your company social media. This will help you to have ongoing conversations and to create top of the mind cyber safety awareness.
Here are some examples of what we mean:
Spot the cyber security threat.
Using the ‘hover’ technique to check links.
Questions to ask yourself when opening an email.
Think topically
Keeping up with cyber news and sharing articles with your organisation in a succinct manner is also a great way to keep your people interested. Appearing knowledgeable and informed about current events also means that your employees are more likely to believe that what you have to say is important and take time to listen to you.
Recent news of the Colonial Pipeline boss paying a huge $4.4 million ransom to a cyber criminal gang is enough to make your people stop and think about their role in fighting cyber crime and their responsibilities as employees.
Why not use the story of ethical hacker Victor Geves to create a conversation around password safety? Geves claims that in October 2020 he was able to log into Donald Trump’s Twitter account by guessing his password - maga2020! The White House denied the claims at the time but an investigation by Dutch prosecutors found that Geves did successfully log into the former President’s account.
With cyber crime on the rise there is always something out there. Share these stories with your employees to highlight real-life cases of cyber attacks and to humanise the subject. This will hopefully help them to be more vigilant.
Create company guidelines
Having a clear set of company checklists when it comes to cyber security can also help you maintain a focus within your organisation.
PayPal helps individuals stay safe while using their services by offering 5 hints that an email may be suspicious. You can do something similar for your people.
Update these guidelines regularly and have your employees read through them with their line managers - why not create visual content to represent the guidelines for even better memorability?
Presenting your employees with tailored and branded content shows them that cyber security is a focus for the organisation, and makes it an integral part of your business. Lead by example, show that you care and they will follow.
Let us do the work
Our cyber safety communications and behaviour change programme, CyberSafe, contains everything your people need to know to keep themselves and your organisation safe online. It follows science-backed change management and behaviour change methodologies, proven to support long-term behaviour change.
Getting your people on board and engaged with cyber safety is key to keeping your cyber security high, and your cyber security investments worthwhile. What are you waiting for?
Feeling stuck or need help bringing your communications ideas to life? Curious about what CyberSafe could do for your organisation? Send us an email hello@insideoutconsulting.co.uk or visit our website insideoutconsulting.co.uk.