Devin Partida writes about cyber security and technology. She is also the Editor-in-Chief of ReHack.com.
Cyber security awareness is the key to protecting your company from today’s rising security threats. Tackling cyber security awareness at the company-wide level might seem like a daunting task. However, there are some easy steps you can take to get started.
COVID-19 sparked a parallel cyber security pandemic that has been ongoing since 2020. Remote work is increasing the likelihood of breaches, with an estimated 47% of employees likely to click on a phishing attack while working from home. With remote and hybrid work here to stay, companies must adapt and prioritize security like never before.
1. Offer engaging training
A common mistake in cyber security training is approaching it as an event rather than a continuous program. Creating a cyber security training program that is ongoing, motivating, and engaging can make a huge difference in terms of company-wide awareness.
Engaging cyber security training must go beyond lectures and pamphlets. Look for ways to get employees involved, such as through hands-on activities. Show employees how cyber security impacts their lives and careers, rather than approaching it as an abstract topic. Consider customizing training programs for specific roles too.
One training strategy that has gained popularity recently is gamification. This training technique gets employees engaged through game-like activities and friendly competition. For example, offer a bonus vacation day to the department that logs the most hours in your company’s online cyber security course. While the competition is in progress, employees can keep track of who’s winning on a company-wide scoreboard.
2. Lead by example
Employees look up to company leaders to see what their company values and prioritizes. Building cyber security awareness needs to happen from the top down. Make it a pillar of your company culture. Ensure higher-ranking employees are demonstrating and promoting good security practices.
Along with C-level executives, bring in department heads, managers, supervisors, and other company role models. Lower-level leaders who interact closely with employees are well-positioned to communicate naturally with their teams. This allows leadership to meet employees where they are and demonstrate good security practices on a daily basis.
3. Bring in an expert
One great way to get employees interested in cyber security is by hosting an event with a security expert. Many leaders in the cyber security industry are enthusiastic about educating others on their area of expertise.
Finding an expert with noteworthy experience can help attract employees to a lecture, seminar, or training event with your guest. For example, even Alex Stamos — a security leader from Facebook with hands-on experience at the pinnacle of today’s tech world — is available to speak at organizational functions. Facebook’s name recognition would go a long way toward sparking interest among employees.
Additionally, hiring a guest speaker demonstrates your company’s commitment to cyber security. It shows that you are dedicated enough to reach out to the best in the security industry in order to inform your team.
4. Offer consistent information
Once-a-year cyber security updates make it easy for employees to forget security initiatives. Offering regular and consistent communication on security will keep employees both updated and informed. There are a variety of formats you can use to share cyber security info company-wide.
A weekly or monthly security newsletter is a good fit for companies that are fully remote or more spread out. This email could include updates on security measures, personal cyber security tips, and news about cyber threats. Similarly, posters around the office can serve as casual reminders throughout the day. These are a good way to post contact information for your company’s cyber security response team, in case employees ever encounter a cyber threat during their workday.
It may also be a good idea to add a cyber security basics module to your company’s training or onboarding program. This section could serve as a foundation for your cyber security initiatives, ensuring that all new employees know where to get started with security. This beginner program could include tips, activities, and clear details on your security policy.
5. Run simulation campaigns
Simulated cyber attacks are a great way to test your company’s response skills and to educate employees. There are several cyber attack simulation styles, each with its own scope and goal. For example, “red vs. blue” team simulations have one team of employees attempt a faux cyber attack while the other team plays defense.
These simulations are among the most engaging training exercises you can implement. They are exciting for employees while also offering concrete insights into your cyber security preparedness. They can be as intense as team simulations or more passive, such as a simulated phishing attack campaign.
Security is a team effort
Company leaders and security officers are only one piece of the puzzle. True cybersecurity resilience requires awareness at all levels. After all, even the best security measures will be ineffective without widespread support from employees. These tips will help you build a culture of cybersecurity, one that builds awareness through engagement and community.