How to Get Staff Onboard with Cyber Security

12/04/2022 08:58 - By Bill
In March 2022, the Government published its latest findings about the state of cyber security in the UK. The survey found that in the 12 months leading up to the date of publication, 39% of businesses had experienced a cyber-attack, with the most common threat being phishing emails (83%). 

New strains of malicious software are constantly being discovered, and the COVID-induced shift to home working saw a huge increase in data breaches. In a cyber threat landscape that continues to evolve, it’s important for organisations of all sizes to be prepared. And that means making sure staff are properly educated and supported.

Small Businesses are Big Targets

Almost half of cyber attacks are aimed at businesses with 250 staff members or fewer. That’s because a lot of people think that hackers are only interested in the big fish and won’t bother with smaller concerns - and the hackers know it. Like all criminals, they go for easy targets, knowing that small organisations tend to have smaller budgets, which usually means less money to spend on security and staff training.

The best way to keep your information safe is to create a culture of cyber security awareness, in which everyone is on the same page and knows exactly how to recognise a threat. That doesn’t mean ruling with an iron fist and instilling fear into everyone who goes anywhere near a computer – if anything, that can have the opposite effect. 

So, how can you get staff onboard with cyber security? We’ve put together a few tips.

1. Share Information 

Cyber security can seem really complex, especially for those who aren’t particularly confident with IT. But that doesn’t mean you should keep it all to yourself just because you’re the boss. 

Countless studies have found that employees connect, perform and behave better when their managers share information with them, which can only be a good thing for your business. Your staff are your most valuable asset, and with the right training and support they will play as big a role in protecting your data as even the most expensive software. Make it part of your routine to share information about data breaches and hacking trends, and you could be pleasantly surprised by the results.

2. Make it Personal

Even the most empathic person can get overloaded with bad news stories and switch off if things don’t feel relevant to their own lives. Most employees tend to care more when they can see how cyber security issues might affect them personally, so it’s important to explain the link between your organisation’s data and their own.

Hackers do a lot of background research when they’re hunting for new prey, and that often includes looking at individual staff members’ social media accounts. By practising good data security at work, your staff can keep their personal information safe too.

3. Lead by Example

Nobody likes the “do as I say, not as I do” approach, so if you’re going to talk about data protection in staff meetings and bulletins, you’ll need to be seen to be walking the walk too. Team leaders need to be setting a good example, so always take part in cyber security training programs with your staff, check twice before you click on any links and never, ever share your password (or leave it scribbled on a post-it note!).

4. Implement an Easy to Follow Policy 

One sure way to turn people off the idea of cyber security (or anything, really) is to create a long-winded document that takes hours to read. But you do need a policy that covers all the bases and clearly explains what’s expected of your team. 

Your data protection policy should be easy to read, transparent and must include things like personal devices (this is also called a Bring Your Own Device/BYOD policy), password management and what to do in the case of a possible data breach.

5. Make It a Key Part of all New Staff Inductions

It’s much easier to instil good practice into new employees than to expect existing staff to adopt new ways of working (although that can be done, too!).

As soon as a new team member joins, make sure they’re clear on all your cyber security policies before giving them access to any of your data. This should be an integral part of any new induction program and you’ll need to get a signature confirming that all staff members understand their rights and responsibilities.

6. Make it Regular

Good intentions can also fall by the wayside when people are busy, and we all need a little refresher from time to time. The threat landscape is always changing too, so it’s really important to arrange regular cyber security awareness training for all staff and keep everyone up to date about new and evolving risks.

7. Consider Offering Incentives 

Some companies offer reward schemes for staff who spot security risks and alert management straight away, and incentives are a good way to keep important issues fresh in employees’ minds. 

You might also want to simulate cyber attacks from time to time, in the same way as running fire drills – this can help your team feel more prepared in the event of a real attack.

Conclusion 

Cyber security awareness doesn’t have to be complicated or heavy – a lot of the time it’s just about having the confidence to spot when something’s not right. When your staff are informed, good practice is part of your culture and you lead by example, you’ve got a much higher chance of keeping your valuable data safe. 

As experts in cyber security, our goal is to ensure our customers always have the tools they need to protect themselves against hackers. That’s about much more than simply installing firewalls and security software; we’re here to share our knowledge and educate people about common threats and how to avoid them. 

To find out more about how we can help you keep your data, staff and reputation safe, get in touch! 

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customise the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
