Workplace security: yawn. Yes, it’s not the most interesting topic and many employees will feel like you are beating a dead horse, but it is absolutely vital in our risky digital world. So, how do you keep your employee’s eyes from glazing over? Follow these three tips and tricks for keeping security issues interesting and meaningful to employees who might not give security much thought.
1) Engage your employees
Security should no longer rest with just the IT or IS departments. In fact, you could be causing more harm if it does. Every employee is responsible and, more importantly, capable of preventing security breaches. So, why not have your cybersecurity policy start with them? However, instead of sending the annual or semi-annual technology and security memo out cold, try to present it in an impactful way.
Take a page from MADD/SADD and actually show how serious any breach can be not only to the company but also employees. If that’s too dramatic, make a game out of it at your next department meeting. Regardless, however you present the information, just make sure every employee is engaged and clearly understands the risks. And, if a breach does happen, make sure others are made aware, so they’ll know how to prevent a similar attack.
2) Have an open door security policy
In most cases, the obligatory 90-day password change is not enough in today’s shifting cybersecurity world. Just as hackers are evolving and becoming more sophisticated, so should your technology and security policy. You need to constantly review these policies, to ensure they are up-to-date in order to prevent attacks. No matter if an employee is a custodian, administrator, manager, or C suite executive, they should all have a say in security, after all, two heads are better than one. Create a technology and security team, with representatives from every department. Not only will you be provided with fresh perspectives, but you may discover possible new weaknesses previously disregarded.
3) Speak in terms they’ll understand
Another way to pique your employee’s interest is to speak in terms they’ll understand. Don’t assume everyone knows what malware, Trojans or worms are, or what types of links/sources are okay to access. Create a document for both desktop and mobile devices explaining what is an acceptable and unacceptable use of company technology. Be sure to speak in both technical and plain terms, for everyone’s comprehension. Additionally, offer ongoing technology training to employees, so at the very least, they’ll have a basic understanding of cybersecurity and how to help prevent an attack.
While talking to your employees about security may not be the most interesting subject, it is a necessary ongoing conversation. It doesn’t mean it has to be boring. In fact, if you present your technology and security policies in an interesting and meaningful way, it could help retention and boost engagement among your employees. No matter how you present the information, just make sure everyone is clear on what the risks are and how to help prevent an attack.
How do you engage your employees in technology and security conversations?