Many employees regard data attacks and data security as something that does not concern them. And often they find the security measures boring and restrictive. Well, these measures are essential. How can you engage your employees and make them aware of the risks? Here are some practical tips.
Organise training courses
The security of every organisation is as strong as its weakest link. Set up a security awareness programme that targets every organisational level. It’s important everyone knows the security risks and can arm themselves against these risks. Security awareness training is the ideal method for this: it reminds all employees how to respond to specific data attacks. You can provide this training yourself or contract an external security expert.
Facing the facts
If your employees’ interest in a training course is non-existent, it helps to have them experience the risks for themselves. Some companies even go so far as to simulate a phishing campaign. They’ll request the login data of their employees, for example, in combination with non-sensitive personal data, such as a shoe size. Many colleagues are shocked when they realise their mistake, but it is an efficient method to raise their awareness.
And you don’t have to stop there: organise a hacking academy, for example, where employees are challenged to write convincing phishing e-mails. Meanwhile they learn what to watch out for when they receive a suspicious mail and it’s more fun than staring at lists.
The Cyber Security Coalition : extra support for small-sized businesses
Does your company not have enough extra resources to raise (data) security awareness? The Cyber Security Coalition might provide a solution. This umbrella organisation was established by about forty companies from different sectors, including Isabel 6. Every year the Cyber Security Coalition provides a number of security awareness tools, such as posters, which small-sized businesses are able to reuse for free.
Balance between security and user-friendliness
In your fight against data attacks, it is also important to weigh your security measures against how user friendly they are. The size of your organisation, the sensitivity of your business information, your sector and your business strategy play a considerable role in this.
For example, do you often exchange big files that don’t necessarily contain sensitive information? If so, your security doesn’t need to be too strict. In short: security is the aim, but make sure it remains workable.