Second of three parts
LAST week, I discussed the challenges faced by overextended information technology (IT) departments. However, even the most well-structured IT team cannot defend against cyberthreats alone. A robust cybersecurity strategy requires the active involvement of every employee, making it essential to build a culture of cybersecurity throughout the organization.
Human error is a significant factor in cybersecurity breaches, with IBM estimating that 95 percent of breaches are caused by mistakes made by individuals. This statistic underscores the importance of engaging employees in cybersecurity practices and ensuring that they understand the impact of their actions on the organization’s security.
Common symptoms of a lack of security awareness include ignoring IT security advisories, which are perceived as too technical or irrelevant, and disengagement from training. This disconnect can lead to poor security practices and increased vulnerability to attacks.
Many employees treat cybersecurity training as a formality, often running modules in the background while focusing on other tasks. This lack of engagement means that employees may not fully grasp the importance of the security measures they are being asked to follow.
To overcome these challenges, organizations must make cybersecurity relatable and engaging. Simplifying communication and focusing on the personal and professional benefits of cybersecurity can help bridge the gap between IT and nontechnical employees.
Effective communication strategies include:
– Simplified messaging: Avoid jargon and emphasize how following cybersecurity protocols benefits employees personally and professionally. For example, rather than delving into technical explanations, highlight how these protocols protect their personal data and contribute to the organization’s overall security.
– Interactive training programs: Traditional training modules are often long and technical, which can lead to disengagement. Instead, consider using short, interactive content like videos or infographics that are easy to understand and retain.
– Use of “Netflix-style” video series that integrate cybersecurity lessons into an engaging storyline: This method not only captures employees’ attention but also improves retention of critical information. Organizations that have implemented such training have seen higher viewership and engagement, and better outcomes, particularly on phishing test results. We have also observed that employees look forward to the next episodes of these video series, which are released only on a monthly basis.
To truly build a cybersecurity culture, it is important to integrate cybersecurity practices into the daily operations of the organization. This means providing continuous, bite-sized training sessions that keep cybersecurity top of mind, rather than relying on annual training that quickly fades from memory.
Collaboration between departments, such as Knowledge Management, Marketing and IT, can create materials that are both informative and visually appealing, making it easier for employees to engage with and understand cybersecurity messages. IT cannot do this alone.
Organizations in industries where data protection and regulatory compliance are critical, or SMEs that lack the capability to create such cybersecurity training programs in-house, can turn to ready-made offerings such as our firm’s Vigil@nt Training Program, which provides cybersecurity videos to help them build strong cybersecurity awareness. Ensuring that every employee understands and follows cybersecurity practices is essential: it reduces the risk of human error and enhances the organization’s overall security posture.
In the final part of our three-part series, we will explore the critical role that leadership plays in driving a cybersecurity culture. Learn how senior management can set the tone for security practices across the organization and why their involvement is key to a successful cybersecurity strategy.
Leonard Duque is the director and chief information officer for the Technology Solutions Group at P&A Grant Thornton. One of the leading audit, tax, advisory and outsourcing firms in the Philippines, P&A Grant Thornton is composed of 29 partners and 1,500 staff members. We’d like to hear from you! Connect with us on LinkedIn and like us on Facebook at P&A Grant Thornton and email your comments to [email protected]. For more information, visit our website at www.grantthornton.com.ph.