10 tips to get employees into cybersecurity awareness training
Cyberattacks are growing. Here's how to get employees on board with cybersecurity.
The way we use technology in today’s business world allows us to do amazing things. Companies rely on technology to keep their employees connected and store and transfer incredible amounts of data. More than ever, employees are able to work remotely and business transactions can be handled right from a smartphone.
However, all of this technology comes with an added risk. One cybersecurity study found that in 2018, as many as 62% of businesses worldwide experienced phishing or social engineering attacks.
The risk of a cyberattack is increasing all the time, yet it can be frustratingly difficult for IT pros to enact proper cybersecurity protocols within their company. Why? Because not everyone fully understands the risks, and if everyone’s not on board, your plan will have weak spots.
To make any cybersecurity plan effective, you must have the whole company on board. While it’s never easy, it is possible. Here are 10 tips to help you get everyone in your company on board with your cybersecurity plan.
1. Get buy-in from the top
Like it or not, you have to start here. Any cybersecurity plan is going to cost the company money. From antivirus software to the personnel hours it will take to properly train people, cybersecurity is a significant expense.
To get the bosses on board, you need to justify the expenses. Some statistics worth noting:
- On average, hackers attack every 39 seconds
- The average cost of a data breach to a retail business in 2019 was $6.4 million
- Other business sectors like healthcare, technology and education were higher
- 94% of malware is delivered by email
- 43% of breaches involved small businesses
Once you convince the powers that be that paying upfront for solid cybersecurity is much more affordable than the consequences of not doing so, you’re ready to start implementing your security plan.
2. Get to them early
Just like it’s easier to teach children than adults, it’s easier to get new employees on board than it is to train existing employees. Establish a solid cybersecurity training plan for new employees and get with your human resources team to make it a standard part of the onboarding process.
By showing new hires a solid plan and letting them know how serious your company is about cybersecurity, you can get them started on the right foot before they develop any bad habits that could lead to a breach.
3. Make it real
For many employees, the idea of cybersecurity is something that is handled by another department and doesn’t affect them. Changing this mindset isn’t easy, but it’s possible.
The first thing you need to do is to make it real for them. Make it personal. Help them understand what could happen if there was a data breach at your company. How much money would the company lose? Would that lead to lost jobs? Would bonuses go out the window?
Once they understand how a breach would actually affect them, they’ll likely take it a lot more seriously.
The next step is to teach them their role in the plan. Cybersecurity isn’t something the IT department can do alone. Again, make it personal. What about their specific job leaves them vulnerable to attack? They’re more likely to buy into cybersecurity if they understand their role in it.
4. Break it down
Don’t bombard employees with packets of information or a 3-hour session on cybersecurity. It’s too much all at once.
Imagine standing against a wall. Someone stands 10 feet away from you and says, “I want you to catch 5 of these 10 balls,” then he throws all 10 of them at you at once. If you’re lucky, you might catch one ball.
If that same person throws them to you one at a time, you may catch every single one.
That’s how you should deliver your cybersecurity training. Yes, it may take more man-hours, but if you can teach them one important step at a time, there’s a much better chance they’ll understand it and appreciate it’s significance.
5. Provide continued training and simulations
Once an employee has gone through cybersecurity training, they’re good, right?
Maybe for right now, but training needs repeated and updated as technology changes. These updates should happen more than just once per year.
Develop a plan to have quarterly security training or a least hold training a couple times per year to keep it fresh on employees’ minds and keep their information up to date.
6. Develop accountability
One of the difficult factors in establishing a cybersecurity plan at any company is the mentality that it’s the IT team’s responsibility to keep things safe.
OK, IT almost plays the role of the head coach in the cybersecurity game. Like the coach, the IT department can design the gameplan, but it needs the players on the field to execute that gameplan to get results.
When you train each employee, make sure they know what’s expected of them when it comes to protecting their passwords, avoiding suspicious emails, etc. Also, let them know what’s at stake for them. If they know they’ll be held accountable for their part of the program, they’re a lot more likely to get on board.
7. Using VPNs reduces pressure on them
More employees are working remotely than ever before, and that number is sure to rise in the coming years. This means it’s essential to have a virtual private network in place. A solid VPN is a simple way to protect information passing between employees when they are logged in outside the office.
How does this help employees get on board with your security program? It takes a lot of bad choices out of their hands.
If they have to log in with a VPN, you eliminate the risk of them using unsecured networks, logging into suspicious sites and many other high-risk behaviors.
8. Reward them for diligence
People like rewards, even if it’s for doing what they should be doing anyway.
When you budget your cybersecurity program, include a slush fund for prizes like gift cards or even cash. Then, set up a program where employees who report malicious emails, pass random tests or consistently change their passwords receive prizes for their diligence.
This type of positive reinforcement is sure to get employees on board with your cybersecurity program.
9. Be good cops, not bad cops
A part of cybersecurity involves monitoring web activity among employees -- that’s just a fact. However, it’s pretty common for employees to think you’re watching their every move and ready to tell the boss if they take two minutes to check last night’s NBA scores.
Be upfront and honest about how and why you monitor employee’s web time. Let them know you’re all on the same side and there is good reason for what you do. Being nosy isn’t one of the reasons.
10. Be available and friendly
Sometimes the IT department becomes rarely seen unless desperately needed. When that happens, people tend not to call on IT until things have gotten way out of hand.
Be proactive and get to know people. Be friendly and let them know you and your team are there for anything they need help with or any questions, no matter how basic.
If you become a known face and a friendly helper, folks around the office are more likely to feel comfortable reporting something suspicious.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now