National Cybersecurity Awareness Month may be over this year, but our mission to keep people and businesses safe is ongoing. Cybersecurity is a year-round issue and with a recent study finding that 4 out of 5 employees engage in some risky online behaviors at work despite being aware of the security risks, we have our hands full.
But what can you do if your employees are knowingly engaging in risky behaviors as the study above suggests?
5 ways to improve employee security behavior
Improving employee security behavior is no easy task. It requires a mix of training, trust and babysitting. Sometimes you can train them and trust employees to do the right thing. Other times, it is easier to restrict access so they don’t do things that may cause risk to your organization.
1. Explain the ‘why’ in language they can understand
Sometimes employees know something is risky, but they don’t know why. For example, they know they aren’t supposed to open email attachments from people they don’t know – but why? Tell them – in laymen’s terms – how hackers use those email attachments.
2. Be present
Trust us, we know you have plenty of things to work on everyday, but you need to come out of your office and talk with the employees in every department. You want people to know who you are, like you and respect you so that they feel comfortable reaching out to you and so they listen to you. They are not going to do any of that if you only show up when there are problems.
3. Provide evidence of potential personal consequences
As sad as it may be, a lot of employees don’t care if company data gets out; in fact, a quarter of employees would sell company data for less than $8,000. To prevent this disregard for company data, remind employees that a data breach can seriously affect them personally. Use fear if needed. Explain to them that the company has all their data (including bank account information and social security numbers) and that a data breach can destroy a company, which means they could lose their jobs.
4. Block sites
Blocking certain websites at your company can save you a lot of stress. For example, if you don’t want employees using their personal cloud at work (you have no control over the company data they take and put in there) block sites like Dropbox. Of course, this doesn’t eliminate the problem, but it lessens it.
5. Maintain regular check-ins
Herding cats. That’s what it feels like trying to get everyone in your office to follow good cybersecurity practices. You may feel like you have the HR department on board, but then you see that the marketing department seems to have forgotten everything you told them. To avoid forgetfulness or people reverting back to their bad habits conduct regular, short security meetings with each department.
No matter how hopeless your endeavor may feel at times, never give up. Keeping data safe is your job; if there is a breach anywhere in the company – no matter who is at fault – you have to clean up the mess. Prevention is better than reaction. Be proactive when it comes to cybersecurity.