{"id":29183,"date":"2019-11-11T05:12:46","date_gmt":"2019-11-11T10:12:46","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=29183"},"modified":"2021-03-11T03:42:43","modified_gmt":"2021-03-11T08:42:43","slug":"security-awareness-business-2019","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/security-awareness-business-2019\/29183\/","title":{"rendered":"How to build a better cyber-aware culture at work"},"content":{"rendered":"<p>Your employees are one of the biggest risk factors when it comes to your business and cybersecurity. You can lecture them, make them take online tests, even install software on their machines, but one rogue click on a <a href=\"https:\/\/www.kaspersky.com\/resource-center\/threats\/spam-phishing\" target=\"_blank\" rel=\"noopener nofollow\">phishing email<\/a> could cost your business dearly. The answer: build a robust cybersecurity awareness culture to keep your business safe.<\/p>\n<h2>When was the last time you inspired your employees about cybersecurity?<\/h2>\n<p>You might\u2019ve given a presentation, or delivered a series of online tests for people who, most probably, didn\u2019t pay it their full attention. Ask yourself, if you said \u201ccybersecurity awareness session,\u201d would employees A: be excited and engaged, B: see it as a chance to switch off, or C: be more worried about pressing deadlines to pay full attention? If you answered A, well done \u2013 you\u2019re already building a cyber-aware organization. If you answered B or C, you need to change the dynamic from one-off training to a more embedded cultural of cyber-awareness.<\/p>\n<h2>Culture, not lectures<\/h2>\n<p>I worked at a firm years ago, one of their biggest rules: the phone never rings a fourth time. So for every member of staff, as soon as we stepped into that office, we knew the drill. And nobody had to teach new members of staff to do it \u2013 they could see for themselves what was expected of them. We just did it instinctively. It was part of our culture which became a habit.<br>\n<\/p><blockquote><p>Strong cybersecurity cultures aren\u2019t built on one-off lectures about how dangerous the cyber-world is, they are built on engagement and habit.<\/p>\n<\/blockquote><br>\nThink of cybersecurity best practice like clearing out your cupboards \u2013 you do it once, but inevitably you\u2019ll need to repeat it on a regular basis. Or to get more specific, it\u2019s like putting anti-virus software on a computer and never updating it. Strong cybersecurity cultures aren\u2019t built on one-off lectures about how dangerous the cyber-world is, they\u2019re built on engagement and habit.\n<h2>How to engage your employees and protect your business<\/h2>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-29194\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/11\/11051024\/Security_Awareness_Training_Inline-1-1024x773.jpg\" alt=\"Security Awareness Training\" width=\"1024\" height=\"773\"><br>\nFirstly, if you have the funds, invest in IT talent. By appointing someone who\u2019s in charge of protecting your business, monitoring threats and educating your staff, your business will be better equipped to deal with cyberattacks. And make sure your IT teams have the training in <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/threat-intelligence\" target=\"_blank\" rel=\"noopener nofollow\">threat intelligence<\/a> and the right technologies in hand to spot and act on threats.<\/p>\n<p>But what if you\u2019re a small medium-sized businesses (SMB) with limited resources, and perhaps none or few dedicated IT specialists? Think bite-sized: small, but frequent. As you build momentum in the office, people will become more aware of what you\u2019re trying to do.<\/p>\n<p>For example, a poster with five ways to stay cyber-safe will catch people\u2019s eyes if you put it somewhere public, like the kitchen sink \u2013 next to your other safety at work signs. Or think about your procedures. As <a href=\"https:\/\/www.kaspersky.com\/resource-center\/definitions\/spear-phishing\" target=\"_blank\" rel=\"noopener nofollow\">spear phishing emails<\/a> \u2013 in which hackers assume the identity of a member of your staff \u2013 become more prevalent in targeted attacks. Giving multiple people the responsibility to sign off financial transactions, could stop identity thieves in their tracks. Rewarding colleagues and employees can go a long way too. Who has reported the most phishing emails, for example? A gift voucher prize should keep everyone keen to report them.<\/p>\n<p>And while you\u2019re at it, encourage other more security awareness practises in the workplace, like questioning when unknown people are in the building, and avoiding <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/digital-clutter-data-management\/28023\/\" target=\"_blank\" rel=\"noopener nofollow\">digital clutter<\/a> like confidential information on the printer or unsecured data sticks.<\/p>\n<p>Ultimately, the most effective way to build a better cybersecurity culture is regularity. My top tip: run short activities often \u2013 lessons, tests, simulations, even treasure hunts or a meeting room transformed into a \u2018cyber-escape room\u2019 for the day. Frequently give employees a digestible amount of information. They\u2019ll get small enough bites of information to integrate into their daily work while building a foundation for a strong cybersecurity culture. The result? Stronger protection for your business.<\/p>\n<p><em>For more tips on security awareness and workplace cybersecurity best practise, read <a href=\"https:\/\/www.kaspersky.com\/blog\/best-practices-for-workplace\/24531\/\" target=\"_blank\" rel=\"noopener nofollow\">an interview with Barton Jokinen<\/a>, Kaspersky\u2019s\u00a0Head of Information Security and Compliance for the Americas.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyberattacks: your employees can be your strongest defense or your biggest weakness. Here\u2019s why building a cybersecurity aware culture is better for business. <\/p>\n","protected":false},"author":2522,"featured_media":29193,"template":"","coauthors":[3495],"class_list":{"0":"post-29183","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cybersecurity-training-cybersecurity","7":"emagazine-category-safer-business","8":"emagazine-category-small-business","9":"emagazine-tag-security-awareness","10":"emagazine-tag-training"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/security-awareness-business-2019\/29183\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/security-awareness-business-2019\/21900\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/security-awareness-business-2019\/20262\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/secure-futures-magazine\/security-awareness-business-2019\/18713\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/secure-futures-magazine\/security-awareness-business-2019\/16950\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/29183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/29193"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=29183"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=29183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}