How to create a sense of responsibility for cyber security via your staff

How to create a sense of responsibility for cyber security via your staff

Cyber security involves the technologies, processes and practices behind protecting your information systems from attack, damage or unauthorised access. In today’s technology landscape and the increasing cyber attacks on Australian soil, your company’s data is on the line.

It’s no longer just about establishing what cyber security best practice is among your staff. Protecting your company and minimising risk and liability requires building a strong security culture among your employees. It’s important to communicate and encourage mutual responsibility of security practices with your staff — security isn’t a one person effort from IT.


What is security culture?


Security culture encompasses the ideas and behaviours of a group of people that impacts the level of security risk within an organisation. A strong security culture in your company will encourage implementation of cyber security best practice as a community effort.

Without nurturing a security culture, companies are leaving themselves open to immense risk. Though employees might be well intentioned, security breaches caused by employees are unfortunately common. With greater awareness of cyber security and training around what constitutes secure modes of transferring private information, your company can reduce the risk of these incidences occurring.


How to build a security culture through cyber security employee training:


1. Go mythbusters on those cyber security myths


Often conversation around cyber security strays too far, towards typical Hollywood perceptions where online security breaches are caused by a lone hacker far, far away.

Building awareness around the reality of cyber security is an essential first step to creating a security culture.

Consider how you can communicate these myth busting truths about security in an engaging way to employees, because people need to know that:

  • Cyber security isn’t a technology only problem — improving protection means every single user employing security best practice as much as possible. Technology is only as good as the people using it.
  • Cyber security isn’t just about credit card fraud — while stealing credit card information is a real threat without appropriate measures, there’s far more on the line. Cyber crime often involves the theft of personal identifying information or confidential business information that can be sold to competitors or other organisations.
  • Software won’t protect you completely — though it’s useful to a certain extent, no software can create an impenetrable defence.
  • Cyber criminals don’t just target corporations, they’re after SMEs too!
  • Just because you don’t have anything “worth stealing”, you’re still at risk — while it mightn’t be your data on the line, malicious individuals may target vulnerable computer networks for storing contraband materials or for use in attacks on other sites.


2. Explain legitimate and relevant examples of how it can go wrong


An understanding of how pressing a cyber security issue is will encourage shared responsibility. As part of  cyber security training, it’s crucial to use examples relevant to the Australian market.

Use case studies and scenarios that employees, in your specific industry can understand. For example, healthcare professionals will need knowledge of safe ways to handle private patient information. In other instances, employees will need to learn what is and isn’t safe to send via email and appropriate responses to a suspected cyber attack.


3. Equip your staff with the tools and know how


With an awareness of cyber crime, your employees need the tools and know how to put security into action. Effective ways of equipping staff include:

  • Training programs and seminars — there’s a lot of ground to cover with security best practice, so a seminar offers the best chance for people to get in a room together and learn. It’s also a fast way to ensure everyone up-skills.
  • Online courses — the benefits of flexible access means all employees can upskill anytime and anywhere. This also reduces the interruption to a work week, that a longer seminar might cause.
  • Assigning a go-to person for all questions — building a security culture is an ongoing process. Ensure everyone knows where to go with any cyber security questions.

Over to you


Truth is increased cyber security starts now and starts with your staff — investing in your team is a must for reducing risk and protecting your company. Sometimes it's hard work to get the team on board and motivated to upskill, which is why we've created this guide to Marketing your e-Learning strategy to your team. Creating a fun environment to learn garners great results, so if you're looking to gain buy in, this is the guide for you!

Marketing your compliance strategy


Related Articles

Dos and don'ts for social media at your office party this Christmas

Christmas party season is here and things are going to get celebratory!

Read More

Useful principles for building and improving a safety culture

Culture is more than a document collecting dust or a regular event in the calendar when you shout your team a box of doughnuts. It’s the way your company lives and breathes, turning business vision and goals into daily decision making. Whether intentional or unintentional, your culture creates workspaces that are either inclusive or exclusive, empowering or oppressing, innovative or by the book.

Read More

How a corporate social media policy empowers your PR department.

Truth is, every company needs a social media policy. It’s not just an effective means of building an authentic and authoritative company presence online. A social media policy also protects your company from becoming liable for your employee’s actions online.

Read More

Join 5000+ learning professionals and receive our email updates.