10 tips to get employees into cybersecurity awareness training

Cyberattacks are growing. Here's how to get employees on board with cybersecurity.

The way we use technology in today’s business world allows us to do amazing things. Companies rely on technology to keep their employees connected and store and transfer incredible amounts of data. More than ever, employees are able to work remotely and business transactions can be handled right from a smartphone.

However, all of this technology comes with an added risk. One cybersecurity study found that in 2018, as many as 62% of businesses worldwide experienced phishing or social engineering attacks. 

The risk of a cyberattack is increasing all the time, yet it can be frustratingly difficult for IT pros to enact proper cybersecurity protocols within their company. Why? Because not everyone fully understands the risks, and if everyone’s not on board, your plan will have weak spots.

To make any cybersecurity plan effective, you must have the whole company on board. While it’s never easy, it is possible. Here are 10 tips to help you get everyone in your company on board with your cybersecurity plan.

1. Get buy-in from the top

Like it or not, you have to start here. Any cybersecurity plan is going to cost the company money. From antivirus software to the personnel hours it will take to properly train people, cybersecurity is a significant expense. 

To get the bosses on board, you need to justify the expenses. Some statistics worth noting:

Once you convince the powers that be that paying upfront for solid cybersecurity is much more affordable than the consequences of not doing so, you’re ready to start implementing your security plan. 

2. Get to them early

Just like it’s easier to teach children than adults, it’s easier to get new employees on board than it is to train existing employees. Establish a solid cybersecurity training plan for new employees and get with your human resources team to make it a standard part of the onboarding process. 

By showing new hires a solid plan and letting them know how serious your company is about cybersecurity, you can get them started on the right foot before they develop any bad habits that could lead to a breach.

3. Make it real

For many employees, the idea of cybersecurity is something that is handled by another department and doesn’t affect them. Changing this mindset isn’t easy, but it’s possible.

The first thing you need to do is to make it real for them. Make it personal. Help them understand what could happen if there was a data breach at your company. How much money would the company lose? Would that lead to lost jobs? Would bonuses go out the window? 

Once they understand how a breach would actually affect them, they’ll likely take it a lot more seriously.

The next step is to teach them their role in the plan. Cybersecurity isn’t something the IT department can do alone. Again, make it personal. What about their specific job leaves them vulnerable to attack?  They’re more likely to buy into cybersecurity if they understand their role in it.

4. Break it down

Don’t bombard employees with packets of information or a 3-hour session on cybersecurity. It’s too much all at once.

Imagine standing against a wall. Someone stands 10 feet away from you and says, “I want you to catch 5 of these 10 balls,” then he throws all 10 of them at you at once. If you’re lucky, you might catch one ball. 

If that same person throws them to you one at a time, you may catch every single one.  

That’s how you should deliver your cybersecurity training. Yes, it may take more man-hours, but if you can teach them one important step at a time, there’s a much better chance they’ll understand it and appreciate its significance.

5. Provide continued training and simulations

Once an employee has gone through cybersecurity training, they’re good, right? 

Maybe for right now, but training needs to be repeated and updated as technology changes. These updates should happen more than just once per year.

Develop a plan to have quarterly security training, or at least hold training a couple of times per year, to keep it fresh in employees’ minds and keep their information up to date.

6. Develop accountability

One of the difficult factors in establishing a cybersecurity plan at any company is the mentality that it’s the IT team’s responsibility to keep things safe. 

IT almost plays the role of the head coach in the cybersecurity game. Like the coach, the IT department can design the game plan, but it needs the players on the field to execute that game plan to get results.

When you train each employee, make sure they know what’s expected of them when it comes to protecting their passwords, avoiding suspicious emails, etc. Also, let them know what’s at stake for them. If they know they’ll be held accountable for their part of the program, they’re a lot more likely to get on board.

7. Using VPNs reduces pressure on them

More employees are working remotely than ever before, and that number is sure to rise in the coming years. This means it’s essential to have a virtual private network in place. A solid VPN is a simple way to protect information passing between employees when they are logged in outside the office. 

How does this help employees get on board with your security program? It takes a lot of bad choices out of their hands. 

If they have to log in with a VPN, you eliminate the risk of them using unsecured networks, logging into suspicious sites and many other high-risk behaviors. 

8. Reward them for diligence

People like rewards, even if it’s for doing what they should be doing anyway. 

When you budget your cybersecurity program, include a slush fund for prizes like gift cards or even cash. Then, set up a program where employees who report malicious emails, pass random tests or consistently change their passwords receive prizes for their diligence. 

This type of positive reinforcement is sure to get employees on board with your cybersecurity program.

9. Be good cops, not bad cops

A part of cybersecurity involves monitoring web activity among employees -- that’s just a fact. However, it’s pretty common for employees to think you’re watching their every move and ready to tell the boss if they take two minutes to check last night’s NBA scores. 

Be upfront and honest about how and why you monitor employees’ web time. Let them know you’re all on the same side and there is good reason for what you do. Being nosy isn’t one of the reasons.

10. Be available and friendly

Sometimes the IT department becomes rarely seen unless desperately needed. When that happens, people tend not to call on IT until things have gotten way out of hand. 

Be proactive and get to know people. Be friendly and let them know you and your team are there for anything they need help with or any questions, no matter how basic. 

If you become a known face and a friendly helper, folks around the office are more likely to feel comfortable reporting something suspicious.
