National Cyber Security Awareness Month: Employee Buy-In
As National Cyber Security Awareness Month continues, we are going to focus on different aspects of cyber awareness. Last week, we discussed the importance of cyber awareness within an organization. This week, let’s talk about how to encourage employees to commit to a cyber-aware culture.
Every user is a possible target for phishing or hacking, so it’s crucial that everyone with an account is committed to cyber safety. We know that users are the weakest link when it comes to cybersecurity, and scammers exploit this. If users apply strong phishing recognition skills and good password hygiene, your organization has a solid front-line defense against cybercrime.
Teach Them the Why
We can provide training on passwords and phishing, but how do we get our users to incorporate cybersecurity into the fabric of their workday? Users will read that they should create a strong, unique password or that they should be careful when clicking links. But how much of this information is committed to memory or practice?
Think about the questions you might ask yourself before committing to investing your time and energy into a project or venture: Why is this important to me? What will happen if I don’t make this commitment? Could it affect my job or me personally? Time is a scarce resource, today more than ever, and it’s up to tech leaders to present compelling answers to these questions and gain buy-in from users.
Which statement do you think is more likely to grab someone’s attention? ‘Verify payments before transferring money to avoid a business email compromise scam’ or ‘An Ohio public schools superintendent had her paycheck stolen when a school employee fell for a fraudulent email.’ One statement presents an abstract problem; the other shows real-world consequences. The stolen paycheck scenario could (and, in fact, did) happen to an unaware employee.
It’s human nature to tune in when something might have an impact on you or your finances. As cybersecurity concepts are introduced, they should be linked to work and personal scenarios: ‘Password reuse can compromise our network and lead to ransomware. It can also compromise your online banking service and make you vulnerable to identity theft. Here are some password manager solutions you can use on your phone or tablet.’
The goal of a cyber awareness program should not be to frighten employees into following rules, but to present the dangers, consequences, and solutions in a way that is relatable, helpful, and engaging.