Cybersecurity is an absolute necessity for keeping customer information, as well as more general company data, safe. Without it, your business is exposed to a range of threats that can cost you thousands when recovering information — or cost you even more in customer trust.
Cybersecurity issues can develop when your staff members struggle with the rules set to keep everyone safe. People want to get their work done, and can be inclined to end-run around some onerous-seeming procedures, especially if they don't see any value to them. This means that getting complete buy-in from your employees on your cybersecurity efforts can be a challenge.
So what works? Below, seven members of Forbes Technology Council weigh in on the best ways to help improve employee compliance when it comes to cybersecurity procedures. Here’s what they recommend:
1. Start With Employee Awareness
It has to start with employee awareness. If you implement a plan to train your staff about the threats that are out there, you will have an easier time getting buy-in and compliance from them. I also believe that your training needs to go beyond how it affects the business, and that you should help educate your staff about the threats that could affect them personally, as well. - Charles Lobert, Vision Computer Solutions
2. Provide Regular Training Programs
One of the best ways would be to start providing semiannual or ongoing training and awareness programs for employees. It should include all liabilities and threats that might be a consequence of not following protocols. People are still not aware of the actual tactics and schemes that hackers are using, and thus do not take cybersecurity breach risks seriously. - Dmitry Dragilev, JustReachOut Inc.
3. Make It Personal And Relatable
I have seen many programs start with the list of requirements and procedures that come across as onerous and burdensome. Starting with clear examples, using video training, that show how non-adherence can trigger a breach, hurt the company and impact the employee, which helps put things into better perspective. - Devin Redmond, Theta Lake, Inc.
4. Be Transparent About Security Procedures
Give functional groups — like HR, legal and IT — ownership. And be transparent in your communications on internal security procedures. This isn't about monitoring productivity or personal interests. Ultimately, you have to maintain the sanctity of the relationship between the company and employees. This creates trust while protecting corporate assets and ensuring employee privacy. - Matthew Moynahan, Forcepoint
Read more in Five Principles To Help Keep Your Security Strategy Ahead Of The Curve
5. Use Entertaining Videos To Convey Your Points
We use a combination of mandatory compliance training on an annual basis along with monthly "quick tip" emails that are sent as reminders to all employees. In both of these channels we rely on brief and entertaining videos to land key points for following cybersecurity procedures. - Ali Siddiqui, CA Technologies
6. Tie Training To Their Personal Lives
I have found that the best way to achieve buy-in for cybersecurity is to tie it to their personal life. We schedule our training as "public service announcements" for W2 fraud in January, tax fraud in March and cyberfraud in November. By educating the employees to be aware of risks that impact them personally, we have seen a reduction in phishing compromise and malware downloads. - Andrew Blocksidge, MagnaFlow Exhaust System
7. Keep It Simple And Easy
Long policies and procedures will probably not get read and retained. So have the TL;DR version. For example: "Creating accounts on third-party services: Always use a password manager to generate and store passwords, ours is (your service here)." - Kent Dickson, Yonomi Inc.
