According to a Willis Towers Watson Cyber Risk survey, 61% of cyber security breaches that happen in companies are a result of employee negligence. These include things like lost laptops and the accidental disclosure of information. So how can companies mitigate costly cyber risks? By building a corporate culture of cyber awareness.
Why you need to educate staff about cybersecurity
An engaged and informed workforce is more likely to flag a security incident which could otherwise result in disruption, significant financial losses and reputational damage. However, there are still plenty of companies - and business leaders - who haven’t recognized the direct link between cyber security, company culture and employee engagement.
It’s important to make sure your employees are aware of all the ways that cyber criminals could infiltrate your business. With this knowledge, they will become adept at recognizing anything out of the ordinary, from unexpected emails to unusual requests from stakeholders - both in-house and external.
What you should be teaching your staff
It’s advisable to thoroughly train your staff on matters of cybersecurity, and to keep their understanding fresh and up to date. To do this, conduct regular cybersecurity training sessions that include aspects such as the following:
Use safe passwords
Passwords should be changed regularly and be difficult to guess. Today, some of the most common passwords used are still things like ‘123456’ and ‘password’.
Delete sensitive information
When it’s no longer needed, good practice is to delete documents containing any confidential information. It can’t be stolen if it’s not there.
Lock computer screens
It could take only a matter of seconds for an experienced hacker to obtain information from an unattended computer. So when employees leave their desks ‘just for a minute’ to get a glass of water, they should lock their screen first.
You can’t always rely on your email provider to detect scam emails, so it’s important to teach your staff to question unexpected messages that land in their inbox. If there’s uncertainty, avoid clicking through to anything external from a link in the email.
Inform the IT manager of suspicious activity
Sadly, as well as user error and negligence, some staff members may be tempted to carry out malicious acts at work. This could be by obtaining company or colleagues’ bank details for their own gain, or by copying sensitive information to take home for unlawful use. All employees should feel encouraged and able to approach management if they see anything suspicious.
Your company IT policy should also cover these points, helping to create a culture of IT security from the outset - the employee’s first day working with you.
How to maintain a curious, cyber-secure culture at work
It’s all very well providing training and educating your staff on the various aspects of how to stay cyber-secure, but it’s imperative that this training resonates and is adhered to throughout their employment with you. The best way to achieve this is to bring cybersecurity into everyday discussion. Consider the following methods to achieve this:
Hold regular IT security training refreshers.
These could be biannually or even quarterly, and need not be as extensive as the original training but rather provide a quick overview of each point.
Include a mention of cybersecurity in team meetings.
An easy way to remind your staff of the significance of cybersecurity is to bring it up in weekly, fortnightly, or monthly team meetings. A simple question such as ‘has anyone seen anything suspicious recently’ could be enough to reiterate your concern.
Inform your employees about topical cybersecurity concerns.
Good practice is to always keep your ear to the ground in order to find out about any recent cybersecurity breaches that other companies have experienced. As and when you discover these, communicate the incidents to your staff so they fully understand what a serious issue cybersecurity is.
Cybersecurity should be everyone’s concern. All too often those in the C-Suite disregard or don’t appreciate how important it is to educate all employees about how to be cyber safe, rather than just the IT team. While security software does work hard to protect your data, this alone may not be enough. Developing a well-ingrained culture of cybersecurity in the workplace is a must if you want to achieve a steadfast human firewall as well.