How to start talking about cyber safety at work
10 easy ways to kickstart conversations with colleagues, peers and employees
Cyber crime is increasing at an alarming rate in the UK, with businesses reporting losses of £1.3bn to fraud and cyber crime between January and July of this year alone.
But there are ways to protect yourself and your business or organisation from these cyber crimes. Starting the conversation internally, is the biggest and most important hurdle to jump over. Here's our 10 top tips on how to kickstart cyber security conversations with your people.
1. Lead from the front
Think of the leadership team as brand ambassadors. If you want to start a lasting conversation around cyber safety, and go as far as creating a cyber vigilant culture, leadership must set an example of the behaviours you’re trying to encourage.
Set the tone from the top so it can trickle down through departments, teams and finally to individuals. Having the most senior people in your organisation support, and be advocates for, your cyber safety initiative means that your employees are more likely to turn their attention to what's being said.
2. Stay on message
It is also crucial that once you decide what your cyber safety message is, you stay on message. If you've got a group of leaders and five of them out of the six are doing the right thing but one of them is slacking, make sure they're stepping in line. Messaging needs to be consistent across the board.
If your new IT policy outlines the use of secure cloud storage for all company documents, but a few of the managers use USB sticks to bring up their presentation slides, which message is more likely to stick? How likely are your people to change their own behaviour? Without a united team effort your message and your expectations can become clouded.
3. Why, oh why?
Your people need to understand why you’re suddenly interested in talking about cyber safety at work, so share your reasons with them! Talk to them about what’s important, why it needs to happen, why now, and why you need them to turn their attention to it.
Tell them what's happening in the landscape, about threats targeting your industry, or about the latest scam that cyber criminals are using to target organisations like yours. Help people understand why it's relevant and why right now so that they can understand the gravity of the situation.
4. Start talking about cyber
If you take anything from this blog, it’s that you have to just start talking about cyber safety. Don’t worry if you don’t have all of your facts straight, or if you don’t have a long-term strategy set out*, there are still lots of things you can do.
Why not introduce articles about cyber safety to your employee newsletter? Or share a new cyber safety tip on the employee intranet once or twice a fortnight? You could even start each team meeting with a ‘Cyber Share’, and encourage your people to talk about what’s happening in this space for just a few minutes. This is all about making small sustainable changes which your organisation can stick to.
*we can help with this.
5. Tell stories
Did you know that stories are 22 times more memorable than facts? They are incredibly powerful, and make topics like cyber security relatable and human. Encourage your people to share any personal stories they have relating to cyber safety, or any lessons they've learnt which they can relate to the topic.
(For more on why storytelling is so effective, check out our recent blog).
6. Be clear about responsibilities
Whether your people are working from home, returning to the office, or moving between client sites, be clear about what this means for cyber security.
Do your people know that they shouldn't be leaving their computers open when they’re working from a coworking space? Do they know their responsibilities when taking company devices out of the country? What are the rules on connecting to ‘secure’ Wi-Fi networks when they’re working on a client site?
You can’t just assume that people know the right thing to do. Be mindful and outline clearly what their responsibilities and obligations are.
7. Celebrate fabulous behaviour
If people are reporting what they expect to be phishing, suspicious websites, or faulty software, then you’re doing your job well. But you need to celebrate these people so that they will continue to be vigilant online.
Whether that’s some company merch, a free coffee from the nearby café, or even an in-person shout out at the weekly meeting, encourage more of this behaviour by rewarding and celebrating it.
8. Champion the champs
You know those people who always go above and beyond to help others out? These are your Champions! Whether you have an official Cyber Safety Champions network, or just a select few individuals you can always count on to explain cyber to others, make sure you champion and celebrate these people.
Give them recognition and make sure that they are cared for and supported. They're doing a lot of the heavy lifting for you!
9. Protect with policies
Protect your newfound cyber safety culture with company policies. Make sure that all of the work you’re putting in is documented somewhere where people will expect to find it or can be directed to. Induction policies, IT policies, employee handbooks, the lot! And update these regularly.
10. Bring the outside in
Your people need to hear what's going on on the outside of the organisation, so that they can relate the importance of being cyber safe to their own personal and professional lives.
Share what’s going on on your doorstep, in the industry, or even on the other side of the world to help people be really vigilant and mindful. It contextualises this ‘thing’ that exists out there in the ether into something that's real and people can actually understand and get behind.
Let us do the work
Our cyber safety communications and behaviour change programme, CyberSafe, contains everything your people need to know to keep themselves and your organisation safe online. It follows science-backed change management and behaviour change methodologies, proven to support long-term behaviour change.
Getting your people on board and engaged with cyber safety is key to keeping your cyber security high, and your cyber security investments worthwhile. What are you waiting for?
Feeling stuck or need help bringing your communications ideas to life? Curious about what CyberSafe could do for your organisation? Send us an email email@example.com or visit our website insideoutconsulting.co.uk.