EXECUTIVE SUMMARY:

Cyber risk reduction relies not only on technology but also on people-centric solutions. In an IDG study, 98% of respondents agreed with the statement ‘the human employee is the weakest link when it comes to cybersecurity’. It is the people at ‘eye-level’ whose actions will most directly influence organizational security outcomes.

“If you actually want to fix security at an organization, you have to sell it from the bottom up,” says one CISO.

Twenty-five percent of employees have clicked on a phishing link while working, and nearly 47% did so on account of environmental distractions.

How can you expand cyber security awareness?

  • Stories. One way to get the message across is by using stories. Most people inherently relate to stories more than to data. Incorporate some humor into your stories too, as studies indicate that laughter leads to learning.
  • Gamify security awareness. Consider using a leaderboard to track who’s most effectively implementing cyber security best practices. Competition converts, as no one wants to be seen as the person who’s not a team player.
  • Create cyber security challenges. You can pit one department against another and see which one is better at __(fill in the blank, based on your own organization’s needs)__. Reward the team that wins. This can lead to behavioral changes and information absorption.
  • Onboarding programs. Consider putting cyber security front and center during employees’ first days or weeks on the job. A cyber security program during onboarding will set the expectations for the rest of employees’ tenure.

For more information on how humans are the weakest link and what you can do in terms of managing risk, check out these on-demand talks.