According to Accenture’s Cost of Cyber Crime Study, the average cost of cybercrime in the United States reached $21.22 million per organization last year (compared to $17.26 million the year before). But you can’t depend solely on your IT department for your cyber security. After all, a chain is only as strong as its weakest link. Improving cyber safety means increasing employee cyber security awareness throughout your entire business or school.
Here are the 6 top ways you can get your employees on board to increase engagement and improve employee cyber security awareness.
Do your employees or staff know:
- Working remotely using an unsecure Wi-Fi connection leaves computer vulnerable to attacks?
- Using personal, unsecured devices for work can open the door to compromising an organization’s network?
- What employees say and do on social media can be tracked by cybercriminals and used against them in the workplace?
Chances are, some if not all those points may surprise some people on your team. Most experts agree that the #1 key to cyber security compliance at a business or school is educating staff on the risks. For example, in addition to the above bullet points, does everyone on your team know how to spot a Phishing email (see our earlier blog post, How to Spot a Phishing Email), or the risks of using a thumb drive (see our post, USB Security Risks: When Flash Drives Become Dangerous)? An educated team, with increased employee cyber security awareness, makes for a more secure organization.
- Assign Mandatory Training
Recently we came across an article in Forbes Magazine that recommended, “Employees and management from all industries should be assigned mandatory cyber security compliance training every year.” This requirement can be administered with computer-based training modules and tied into annual reviews. When implementing training you’ll want to ensure executive and management support, a way to
measure success, and also consider incentivizing participation (for more information, check out our earlier blog post, We’re Only Human: The Importance of Security Awareness Training.)
You may want to work with an outside partner to implement training, such as DYOPATH. We’re well versed in educating and training staff in the most up-to-date cyber security best practices.
- Establish and Promote Simple Procedures
Often, employees are happy to follow procedures if they are aware of them, and they are easy understand. Create organization-wide procedures for your team to follow. Make sure they are functional, actionable and simple.
Once you have those procedures in place, figure out the best way to communicate them within the organization. Keep communication friendly and avoid hard-to-understand cyberspeak. Says Ashwin Ramasamy, co-founder of marketing intelligence company PipeCandy, “We use comic book-like imagery and sci-fi and comic language in posters across the office that reinforces the message without being suffocating.” Choose a method of communication that will resonate with your team.
- Encourage Reporting of Incidents
The best-trained employees can still fall for a hacking ploy from time to time, such as opening a file or clicking a link without thinking. Even IT professionals fall for these tricks. But if a user feels foolish for falling for an attack, and are embarrassed, he or she is less likely to report it. Create a reporting system that rewards staff for reporting suspicious messages, and that allows them to share mistakes without penalty or stigma.
- Have Employees Manage Initiatives
Rather than protocols created only by management, make cyber security policy an employee-managed initiative. Create a committee with representatives from every department, and make it their responsibility to set procedure, communicate policy and enforce compliance. Department participation, where everyone feels included, helps ensure individual buy-in.
- Make Awareness a Part of New-Employee Orientation
Employees expect to learn rules and processes when they start a new job and making cyber security a part of their new-employee orientation stresses its importance, and immediately lays the groundwork for your expectations. An employee handbook is also a great place to publish protocols and procedures.
Your Employee Cyber Security Awareness Partner
To implement an employee cyber security awareness program, it helps to have a proven partner. DYOPATH has helped countless businesses, schools and other organizations create a robust, living program that connects employees and staff to best practices. We can help you create a functional and effective cyber-threat strategy for your school or business. DYOPATH Security offerings are extensive, collaborative and modern.