The biggest threat (at least in my opinion) to an enterprise's cybersecurity health is the people who work there. That's not a knock on anybody; it's just an unfortunate truth. People often have a lot to worry about and, unfortunately, cybersecurity often falls by the wayside.
Whatcha' gonna do? Am I right?
I'm not right. Nobody should shrug their shoulders and give up when it comes to the topic of cybersecurity and educating people regarding it.
It's why this article from Forbes caught my attention: https://www.forbes.com/sites/forbesagencycouncil/2019/10/09/using-internal-communications-to-engage-employees-in-cybersecurity/#7b15181654f4
It's worth the read and definitely lays out some good ideas. The article's main talking points include:
- Showing employees possible cybersecurity scenarios they might find themselves wrapped up in. If you've ever tried to tell somebody not to do something, it's often followed up by a blank stare and a sort of sneer before they do exactly what you told them not to. The same goes for educating people regarding cybersecurity matters.
It's always better to provide examples and hypothetical scenarios when it comes to educating someone rather than just telling them not to do something when they don't have a clear idea on what it is they're actually trying to avoid.
- Test their cybersecurity knowledge in a friendly manner. Hold quizzes or contests where an employee is asked true/false questions. Don't penalize them for getting the answer wrong; instead, give them the correct answer and educate them as to why it's the better choice.
- Be funny. Use humor. I like this one a lot. I try to be funny. Sometimes I succeed (though I'm fairly certain it's my sense of humor that will guarantee I'm never employee of the month, but I digress).
In the case of what we're talking about, humor can be a valuable learning tool, since it's human error that we're trying to avoid, and human error can be incredibly funny if presented in the right light. It's a delicate balance to maintain, but it's worth a try.
- Recognize excellence without chastising failure. If you're doing what we mentioned above, it might behoove you to recognize the employees who show progress or high aptitude in regards to the subject matter. All the while, make sure not to chastise those who don't.
It's human nature to want praise or to be recognized for an accomplishment, and typically, with little to no prompting, someone who's been lagging behind will often rise to the occasion in order to receive some themselves.
- Repetition leads to retention. They say doing the same thing over and over again in hope of a different outcome is the definition of insanity, and if we're being honest, that's probably true. But in the case of cybersecurity, can you afford not to be crazy?
It's constant work to keep your place of business safe. It can be tedious and repetitive, but ultimately worthwhile. Educating your employees can be tedious and repetitive too, but ultimately, the end will justify the means.
Just make sure to keep the flow of communication consistent and try not to bottle it all up. It's much easier to drink from a water fountain than it is a fire hose, if you catch my drift.