When it comes to cyber security, best practice in the workplace is important to proactively prevent a cyber-attack. The challenge is getting your employees to understand why they should be vigilant.
Cyber-criminals target people. Research shows that more than 60% of external attacks target employees via social engineering. Tactics such as these give the hackers an advantage. They can successfully attack by using targeted spear-phishing emails or by breaching account passwords.
To shield your organisation against these tactics, cyber security needs to become a prime topic in the workplace, at all levels. It sounds relatively easy, right? The problem here is getting buy-in from staff. Enough buy-in to ensure they understand the threats and know what to watch out for day in, day out.
To get the ball rolling, focus on raising awareness in the workplace. This can either be managed in-house or it can be outsourced to an external provider. Your staff may be aware of the high profile data breaches that are in the news but they need to know background and facts.
Cyber security has often been viewed as an ‘IT topic’ but that doesn’t make it an issue that is exclusively assigned to the IT department. Employees need to understand the prime threats, the risks and that hackers thrive on human error.
Use stats that resonate with your team. An example being that 600,000 Facebook accounts are comprised every day. This is a relatable statistic that brings home the dangers of the online world.
Send frequent reminders and alerts
To build and maintain cyber-awareness in the workplace talk about it frequently. Schedule emails to all of your staff with polite reminders, quizzes and known examples. Add notes or posters to communal staff areas to get the message out in multiple mediums.
If you read of a threat targeting your industry or notice anything suspicious raise the alert. Send around an organisation-wide email to keep employees up to date with the latest news and evolving threats.
If a member of staff raises an alert of a potential phishing email or malicious attachment, share this information with others. Keeping information private can be to your detriment when it comes to cyber security. Put in place communications procedures to share known attempts and if the worst does happen be open with your staff.
Update your policy
Cyber-security should be considered from day one when an employee joins your organisation. Update your IT policy with best practice guidelines on passwords, information sharing etc and enforce these throughout the organisation.
Consider these tips to enforce cyber security best practise in the workplace and gain buy-in from your employees. Treat cyber-security as an important issue but approach it pragmatically without causing panic, and without blinding people with technology jargon.
If you can get your employees to defend against cyber-attacks, then you can strengthen the shield around your business to keep the hackers out!