Cybersecurity isn’t something that should fall exclusively to CISOs and IT pros. Rather, it is something that impacts employees from the mailroom to the cushy corner office. You see, it just takes one misstep from anyone on that spectrum for a hacker to get into your systems.
With that in mind, it is important to tackle the daunting task of keeping your employees educated. To help ease this process, we’ve put together some tips to help your business to better educate your employees on the risks they face every day.
Address your audience in a friendly manner
Your audience is not going to absorb what you say if you refer to them in an impersonal way. Calling anyone a “user” will instantly turn them off and make them far less supportive of the things you are trying to teach them. Words like “employee,” “colleague” or “person” go over much better. And remember, they are not much different from you – we are all humans, and we are all making mistakes. So it’s about US, not THEM.
Use the right tone of voice
It is important to be approachable and deploy a friendly tone of voice. This will encourage your employees to actually listen to the things you tell them and communication will be far more effective. A more aggressive tone will put off employees and make them less likely to listen to what you’re telling them.
You need to admit that when a user, a human being, violates the security rules, they are doing it because they want to achieve something positive for themselves. In most cases, they are trying to get their job done in the way they understand it. It’s critical to admit that the user’s intentions are legitimate, and your goal is not to forbid, but to change their point of view on the possible actions and possible consequences, not to dictate “do not do this” to them.
Get support from HR and legal teams
While it would be great for IT pros to be able to write and implement cybersecurity policies, that is not often the case in organizations. You see, to implement something, the folks on the HR and legal teams need to be in place for compliance and execution reasons. In addition, they are able to get involved if a breach actually occurs and could provide much-needed support, thus reducing the risk of a “paper tiger” policy. Engage and educate them first, so they can spread the message further.
Keep colleagues informed
You should make it a point to host regular meetings and share communications on a consistent basis for cybersecurity updates. Make them memorable so that employees enjoy your regular reminders, not “filter” them out. Remember, what is not being discussed does not stay in people’s minds.
Use your imagination
No one likes a bad and boring presentation. Making the presentations more creative and interesting will lead to a higher level of employee engagement, which will make employees far more likely to remember the policies they are being taught. Comic strips, posters, quizzes, or any other creative idea you can think of will be very helpful in getting your message out.
And, even more important, address the user’s concerns (i.e. start by acknowledging what the user is normally trying to do when they are about to violate the policy). Understand the Devil’s arguments, and then use them to transform the user’s motivation by giving them examples of possible consequences and examples of safer behavior in the same situations. Use both rational and emotional arguments, use analogies with non-cyber incidents, and give simple but effective examples that are close to the user’s “normal life” experience.
Review your efforts
Make sure your colleagues are retaining the information you have taught. Try testing them from time to time with quizzes or other tools to really see how well they remember things.
Make it personal
Any way that you can connect security back to the interest of your colleagues will be extremely beneficial to their learning. A good example is discussing how security breaches could affect their mobile devices.
Cybersecurity has a lot of complex terms that are not always the easiest to comprehend. To increase audience participation and retention, explain the information in a simple manner that is easy to understand. Most others will not have the same depth of knowledge that you do, so it is important to ensure they understand things.
Encourage an open dialogue
Make sure everyone understands how important it is to keep IT and management informed about a potential security breach. Many fear they will be punished for accidentally opening a phishing link and therefore don’t tell anyone once it has happened. Your team is there to help; let them know that.
Consult the marketing team
Sometimes you have to call in an expert. Your main role is security, not branding or marketing. To help your presentation sell more, consider consulting your marketing or communications team. They may have some tips to take your presentation 0-60 quicker than a Ferrari.
Following all of these tips will be extremely beneficial in ensuring that all employees stay informed, up-to-date, and well-engaged on issues of cybersecurity.