5 ways to communicate cyber security with staff

5 ways to communicate cyber security with staff

With security threats evolving at a rapid place, organisations must regularly communicate with their employees about potential risks, and educate them about cyber security best practices.

Whether they mean to or not, employees pose a huge threat to cyber security. According to research by IBM, an astounding 95% of cyber security incidents can be traced back to human error. An organisation’s best line of defence is to address this ‘human factor’, rather than to rely solely on technology to safeguard against hackers.

WIth that in mind here are five ways to keep the lines of communication open.

1. Send regular cyber security updates (via email)

Ensure security is at the forefront of your employee’s minds by sending cyber security emails on a regular basis. Try to make these interesting and informative, with practical tips for staying secure. If possible, these emails should be informed by your IT department, but written by your marketing team (to ensure they are clear, concise and easy-to-read).

Another tip is to send these emails at the same time every week, month or quarter. This way, your employees will know when to expect them (and hopefully set some time aside in their schedule to bring themselves up to speed).

Have team leaders quiz staff about the contents of each email, to make sure everyone is reading them, not just moving them to the trash folder.

2. Create cyber security KPIs

Incorporate cyber security into employee performance reviews. Staff will likely be more motivated to abide by cyber security rules if they know it will have a direct impact on their performance.

This strategy is strongly supported by former CIA chief technology officer Bob Flores. Speaking at an IT event in Melbourne earlier this year, he said:

“Everyone in the company should have, as part of their performance evaluation, how they treat security. Employees have to be educated about security, and they have to be educated again and again and again. You can’t do it once as they come into the organisation, they have to learn about it until they retire.”

Some examples of cyber security KPIs include number of websites blocked, percentage of virus incidents, and percentage of spam emails detected.

3. Hold regular training sessions

Run regular workshops about cyber security in the workplace. These could be facilitated by your IT department, or in smaller companies, by an external IT agency. Whether you have the budget for a 1-hour presentation or a 1-day interactive workshop, every effort counts.

The aim is to keep cyber security top-of-mind for all your employees and to foster a culture of being informed and well-educated. Investing in training sessions is a way to show your employees that cyber security is more than just ‘talk’; that it’s a top priority within your organisation.

4. Encourage questions and feedback

There is a lot of fear surrounding cyber security, but try your best not to let this permeate your organisation. While your employees should take cyber security seriously, if they are too scared to ask questions this could cause them to make more mistakes.

Cyber security is a challenging topic, and many people may find it tough to get their head around. Encourage people to ask questions and submit feedback. You could even create a system where people can submit anonymous enquiries. Try to develop a culture based on trust and communication as opposed to fear.

5. Make cyber security information impossible to ignore

When it comes to protecting your organisation from security threats, there’s no such thing as too much communication. Place visual reminders about important cyber security practices throughout the office. Add cyber security to meeting agendas on a monthly or quarterly basis. Randomly quiz employees about their knowledge to make sure the message is getting through.

Although this might sound tedious, it will help you create a culture that takes cyber security seriously; and the cost savings of this can be enormous.

Keen to understand more about Online Security Protection for New Zealand businesses? Download our latest eBook - it's FREE!