One of the biggest challenges facing Chief Information Security Officers and IT Directors can be getting their workforce behind the idea of working in a cyber secure culture. This quick guide will help you drive the key points home and protect your organisation from cyber threats.
IT security is often thought of as a boring subject. This can cause your staff to switch off when it comes to essential cyber security practices, and leaves your organisation vulnerable to security risks that are easily preventable.
The majority of your workforce may fall into the trap of thinking that cyber security doesn’t affect them – when in reality, they couldn’t be more wrong. Cyber criminals see staff as the weakest part of an organisation’s defence because of their tendency to make mistakes. The “Take Five To Stop Fraud” campaign revealed that only 9% of Britons can spot something fraudulent.
Why should I be promoting a secure work culture?
The answer to this question may seem obvious to anyone working in IT or cyber security, but it's one that we hear a lot when speaking to organisations. A variety of organisations and individuals believe that they will not fall victim to a cyber security attack.
People with this mindset should ask themselves “What would the consequences be if our organisation was subject to a major security breach?”
At surface level, the breach could result in money or sensitive data being stolen from the organisation. You can attribute a value to stolen money, but any sensitive or client information can be priceless. Cyber criminals will target sensitive information such as financial information, client contracts and employee usernames and passwords in order to either ransom it back to the organisation or leak it to competitors.
Those are just the financial implications of being unprepared for a cyber attack. Other repercussions can include severe reputational damage to an organisation, which can have an effect on customer trust and buying confidence, resulting in an impact on profits.
In mid-June 2018 Dixons-Carphone, one of Europe’s largest consumer electronics retailers who operate the likes of Currys, PC World and KNOWHOW, admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records.
Although no fraudulent activity has been reported, this breach massively undermined the reputation of Dixons-Carphone and the company reported that profits plunged 24%.
Organisations, no matter how big or small, are not immune to outside threats and the consequences of not being prepared for them.
What’s the best way to engage employees?
So the next question you need to ask is: what steps can you take to start promoting IT security in the workplace? Here are 6 things that you can do to create a cyber secure workplace:
- Implement staff training that covers the whole spectrum of cyber security focussing on engaging end-users
- Encourage a culture change by getting employees to talk about cyber security regularly by using bite-sized training courses
- Establish a clear process for your employees to follow when reporting security breaches, and reinforce it by integrating your policies into your staff training
- Apply your training initiative over an extended period of time to ensure that information security is at the forefront of your workforce’s minds and make them feel comfortable about reporting breaches rather than distancing themselves from them.
- Use additional materials around the office to support your cyber security training campaign. For example, displaying posters or desk calendars that feature security tips from the information security campaign that you’re running
- Include your workforce in discussions of cyber security. They might know somebody who has been affected by cyber crime, and this could help hammer home the message that employees should apply the same vigilance in the workplace
If you are looking for cyber security training that integrates with your internal policies, find out more about the Bob’s Business Cyber Security Awareness Training eLearning course here.
Bob’s Business provides cyber security awareness training and simulated phishing campaigns with an approach that is memorable, engaging and entertaining. Our bite-sized modules help you achieve industry standards and a secure culture.