This is why Juan Manuel Harán, Security Editor at ESET, has outlined five ideas for creating a culture that inspires staff to stay on their toes and keep cybersecurity top of mind:
1. Establish an email address for queries
Creating an email account where employees can send their questions on any and all things cybersecurity is a good start and has multiple benefits. For one thing, the designated email account can encourage employees to come forward and ask questions that they might not otherwise ask.
Employers can also ask their staff to forward suspicious-looking emails to the address for review, which can help the employees become more astute at recognizing fraudulent email messages. The messages can also be used for organizing training sessions that will benefit the other employees and the company as a whole.
2. Set up an early warning system
To counter malicious spam campaigns, it’s worth considering establishing a dynamic and proactive early warning procedure that allows for alerting the entire company and keeping all employees informed that a malicious campaign is circulating. This can cut the risk that an unsuspecting employee will fall for the trap, putting organizational, employee and customer data in danger.
Additionally, the system serves to reinforce awareness of some of the main cybersecurity threats and common techniques used by cybercriminals, even where they leverage tried-and-tested methods. Lastly, the procedure may enable security staff to analyze the campaign’s features.
3. Organize talks and training
Talks with experts, be they employees of the same organization or guest speakers, can also go a long way towards educating staff on various aspects of information security.
Since organizations typically employ professionals from various fields, it may be advisable to set up separate talks that target the abilities, interests and experience of various groups of people.
4. Run contests
Everybody loves to compete – and win, right? Employee contests are a fun way to help instil robust cybersecurity habits. For instance, materials from training or talks can be leveraged for quizzes that will not only reward the winners but will also provide your organization with better insight into just how cyber-aware the employees are.
You can also organize a bespoke social engineering simulation to find out how easy it would be for threat actors to penetrate your company’s defences by targeting the human factor. The results can also be used to determine which aspects of cybersecurity should receive more attention in future training sessions.
5. Draft a good practice guide
Draft a document that details the most efficient ways to help the company and its employees ward off cyberattacks. Such guidelines may include, for example, information about how to configure devices securely, how to encrypt information, and how to set up two-factor authentication on various services.
It’s also important to make sure that the guides are easy to read, contain only the necessary information, and are easily accessible for any employee.
By Juan Manuel Harán
Edited by Jenna Delport