To ensure that both new and longer-serving employees understand their roles in preventing cyberattacks, you must provide anti-fraud training and reinforce a cybersecure work culture.
Change the View
For many employees, cybersecurity is an unwelcome distraction from their core jobs. This may be because they do not understand the scope and severity of the threat or how important a preventive role they can play. They may view cybersecurity as a compliance issue and simply something they have to go along with to satisfy their employer.
To ensure cybersecurity receives the support and attention it deserves, reframe it as superior customer service, as effective financial accounting, or as another critical function. You can highlight the importance of cybersecurity by using real examples of what happens when breaches occur:
- Share examples of successful breaches at other companies, particularly in your industry, on a regular basis.
- Disclose the amount of losses generated by breaches and the impact they have had on defrauded companies’ finances and operations.
- Draw up a list of lessons that can be learned from these examples and communicate them to workers.
Make Training Fresh and Engaging
To further impart the importance of security to new and existing employees, routinely offer cybersecurity education that includes the latest threat intelligence. Updating materials frequently will help keep employees’ attention. Include quizzes that do not simply require them to memorize answers. For example, ask them to provide feedback on cyber schemes they have learned about or have personally experienced. You might also want to offer rewards for participation and high scores.
To further foster employee engagement, encourage employees to participate in internal discussion boards about cybersecurity. You might start a thread that asks employees to share examples of phishing emails they have received, relate news stories detailing breaches at other companies, or ask questions related to best practices.
Rethink the Role of IT
When cybersecurity became a widespread corporate priority several years ago, many organizations asked their IT department to assume sole responsibility for educating employees about threats. For some employees, it may have been easy to ignore or dismiss IT communications as not essential to their jobs.
Your IT department remains central to preventing cyberbreaches. But in today’s high-risk environment, employee education should not rest entirely with IT. Your organization’s senior leadership must play a visible role in building a security-conscious culture. Senior managers across your organization should include cybersecurity information in every employee communication that is even tangentially related. Executives also need to encourage workers to complete cybersecurity training and report any suspicious activity.
When evaluating technology investments, company leaders should include IT department representatives in planning meetings to ensure cybersecurity remains at the forefront. For example, IT staffers can contribute what they know about the reputation of software providers when it comes to fixing bugs and providing updates.
Take the Threat Seriously
Most networks these days are under frequent, sometimes constant, attack by cybercrooks. You need to do everything in your power to prevent these criminals from breaching your company’s defenses. Your employees are the foot soldiers in this battle. Foster an enterprise-wide cybersecurity culture by prioritizing cybersecurity, training employees, and setting an example by taking the threat seriously.
© Copyright 2021 Thomson Reuters.