In our last blog, we talked about how to encourage cyber security awareness and the importance of having a cyber security training and awareness program for your employees. In this blog, we’ll discuss eight specific ways you can encourage cyber security awareness.
Cyber Security for Employees
Keeping systems up to date is a given for the IT professional. Patching and updating are staples in any good systems maintenance plan. How often, though, are your people patched? When are they updated? What version of your cyber security strategy are they running? Having a good cyber security training and awareness program helps keep employees on the top of their game, and ultimately helps keep your business protected.
How to Engage Your Workforce
There are numerous ways to engage your workforce in cyber security best practices. Here are some recommendations to improve your organization’s security posture. Let’s start with employees and the tools they frequently use.
- Create a culture of cyber security – Cyber security habits are best learned through management taking the lead. Setting a good example from the top down helps employees keep cyber security top of mind. It also enhances the idea that everyone plays a part in security and lowers the risk of human error.
- Make cyber security awareness part of onboarding – Set the tone for cyber security from the first day. Build the mindset that cyber security is a priority and show employees that they play a key part in keeping the organization safe.
- Stress the importance of cyber security at work and at home – Senior leaders need to help employees understand the importance of cyber hygiene in the workplace and at home. There is definite value in putting the problem in a personal context. This gives employees a ‘what’s in it for me’ they can apply all the time, not just at the office.
- Demonstrate what good cyber hygiene looks like – Engage users and help them understand what it is they’re doing and then reward them for doing the right thing.
- Get rid of weak passwords – Employees are using easy-to-remember passwords, and twenty-five percent are reusing the same password for everything, according to an OpenVPN survey of U.S.-based full-time employees. This makes the entire network much more vulnerable to cyber attacks and puts the company’s data at risk, too.
- Don’t use public WiFi – Because WiFi is so readily accessible these days, many businesses have work from home policies. However, public WiFi in a cafe, airport, or hotel is almost never secure and is available at the user’s own risk. Malware is easily transferred between devices on the same network, wireless or not. Company policy should include language that requires users to connect through a VPN to access work-related materials when not in the office. You can also require applications on mobile devices that can tell the IT and security team who’s in compliance or not with security standards.
- Be creative – Make the learning process fun. Designate a cyber security day, or week. Pit departments against one another, even your facilities management and cafeteria staff, to see who can come up with the most creative cyber security theme or ideas to keep employees aware and safe.
- Reward good behavior – Rewards don’t have to be a big flashy item. A reward could be the CEO’s parking spot for the day, a small plaque, or mention in the corporate newsletter.
The bottom line is that cyber security hygiene should be built in from the beginning. Lead by example to set the tone for your employees and reward them when they succeed. This is the best way to keep your business protected.