Your workforce is both your greatest asset but also your greatest weakness when it comes to cybersecurity.
No number of policies you make employees read and sign will eliminate this risk, so how do you get employees to take cybersecurity responsibility and incorporate it into their day to day activities?
Last week, our office manager received an email from the boss asking them to pay for an item on the company credit card while the boss was flying abroad. On the face of it, the email looked authentic but how would you know if this was a scam? Many employees are duped by realistic messages. Fortunately, on this occasion, the business manager knew the boss was on a flight and couldn’t possibly have sent this email.
Making cybersecurity an employee responsibility
No one wants to be “that employee who mistakenly clicks on that attachment”. Opening scam attachments is one of the biggest ways in which companies are attacked. No one would want to do this willingly or deliberately, but a recent report found that nearly 8% of employees clicked on a phishing email in less than a second.
Offering training is a start but this needs to be repeated regularly and constant reminders provided which engage employees by making them think continuously about cybersecurity in their daily ritual. Using communication methods such as the intranet, videos, newsletters and workplace screensavers can help keep this risk at the forefront of everyone’s minds while carrying out daily activities.
So how can we make learning about cybersecurity interesting and engaging?
- Create a quiz, weak passwords are a key cybersecurity risk. Show employees a range of passwords and give options as to why these passwords demonstrate high or low levels of risk. howsecureismypassword.net is a great tool to test different styles of passwords but never enter your actual password here. Long complicated passwords are now advised rather than changing your passwords regularly.
- Explain some phishing scams in simple and realistic terms and test your employees knowledge. What do they know to be true and false in certain situations?
- When an employee successfully raises an immediate security attack or finds a glitch in your system, reward them.
- Create a chatroom for employees on a platform such as teams, so that everyone can share and warn on scenarios happening to them.
- Gamification might work in the right environment, have a gaming leader board to show the employees that are ambassadors of cybersecurity in the workplace.
- Actively encourage employees to find weaknesses in your systems and procedures, recruit willing volunteers to actively engage in testing tournaments.
- Have your IT support simulate an attack, think about it like a test fire drill. Have a “lessons learned” lunch in a no blame environment.
Introducing cybersecurity learning into your organisation
First of all, you need to understand the ins and outs of cybersecurity, what it looks like, how it can affect your business and employees, what systems and procedures you need to introduce to protect yourself, your employees and your business. This is where EPX Technical Services can help. We are an IT support business who works with busy business owners and IT managers to help them deliver a secure, robust and progressive IT strategy. We also specialise in Phishing training and attack simulation. Changing the security culture of your business takes time, but with the right knowledge and support, you can introduce a programme that makes you cybersecure. When an employee makes a mistake and clicks on an e mail that causes infection, this isn’t the cause of the cybersecurity fail. The business was already under attack before the e mail was opened, so this means that the business needs to look at their security procedures more closely.
Cyber-crime is on the rise and your business is more at risk today than ever. EPX Technical Services can help introduce a safer workplace for you and your employees by delivering secure IT solutions. October is National Cybersecurity Awareness Month and their tagline is “own it, secure it, protect it”. EPX Technical Services can help deliver this service and are an innovative and proactive Managed Service Provider. Learn more about EPX or contact us on 01785 878 311 or email email@example.com.