Ensure you are aware of, and managing, your cyber safety risks.
Your employees are a critical part of your cyber safety strategy. Every employee with access to your business data and the internet needs to know how to keep your business safe.
Learn about effective ways to raise employee awareness about their important role in protecting your business.
Develop a proactive cyber safety culture
Cyber safety is everyone’s responsibility. Depending on the size and structure of your business, accountability for cyber safety starts at the top and flows right through your organisation.
Put clear cyber safety guidelines and policies in place
To drive the right cyber safety behaviours, employees need to understand why cyber safety is important, what their responsibilities are and what the consequences of an incident may be.
Don’t focus on scare tactics or what your employees can’t do. Talk openly about what they can do to keep your business and customers safe.
Cyber safety guidelines and policies need to be included as part of your Human Resources policies. To protect your business, these policies need to cover:
- secure use of:
  - email and internet
  - every touch point that connects employees to business data and the internet - this includes computers, laptops, personal communication devices such as mobile phones and tablets, remote access software and tokens and applications
  - passwords and access to your business network, systems and applications.
- working remotely and securely
- how to protect business data including backups, privacy and a link to your Incident Management Plan
- what to do if a cyber security incident happens.
Make it easy for your employees to practise cyber safety
Building a positive and proactive security culture starts with talking about your cyber safety strategy from day one. Your induction program for new employees should include a conversation, interactive workshop, or online module of learning to help new employees understand:
- the cyber safety risks for your business
- why cyber security threats are a danger to your business
- what policies and procedures are in place to protect employees and your business from cyber threats
- where to go to find more information
- where to report cyber security concerns, threats or incidents.
To grow a proactive cyber security culture, you need to make it easy for your employees to do the right thing.
How to make it easy for employees to do the right thing
There are a number of cyber safety awareness initiatives you can offer to grow a proactive security culture – and you don’t need a big budget. Regular, consistent communication is the key to making awareness messages stick – this can be as simple as a monthly email to your team.
Consider inviting interested employees to become cyber security champions as part of their career development. These champions can help drive cyber security awareness initiatives for your employees. A sense of ownership will help build an influential group of cyber safety advocates.
Here are some ideas for raising awareness about cyber safety with employees:
Provide helpful information and tips
Build an online hub of cyber safety guidelines and tips. Point employees to this hub regularly by running internal cyber safety campaigns. In the interim, have them visit NAB’s Security Hub and Fraud Alerts pages.
Leverage current affairs
Reports of data breaches, hacking and other cyber security events are commonplace in the media these days. Leverage what’s happening in the news to communicate with your team about what happened and how it could have been avoided. Make it as relevant to your team as possible.
Make reporting easy
Employees need to know where to go to report cyber security threats or incidents. This could be an online form, an email box that is monitored regularly, a specific individual or a telephone number.
Make learning compulsory
If possible, offer an engaging learning and assessment training session or module that employees must complete in the first few weeks of starting and then at least annually.
Teach your team to be safe in their personal lives
Train your team about things not related to their work, such as social media privacy settings, device security and children’s online safety. If your people know how to be cyber safe in their personal lives, they will bring those good behaviours to work.
Run engaging employee communication campaigns
Regularly assess your top cyber safety priorities and run engaging internal marketing campaigns with strong calls to action.
Make secure flexible working easy
Make sure you have secure flexible working tools and guidelines in place to reduce the risk of employees taking shortcuts that could compromise your business.
Have your leaders talk about cyber safety often
Use employee events and communications as opportunities to have conversations about how to protect your business.
Stay up to date with the latest threats
Services such as Stay Smart Online provide information on some of the latest threats. Keep up to date and pass on information about current threats in team meetings or emails.
Reward and recognise
Think about ways to reward employees for demonstrating positive cyber safety behaviours and call examples out openly and often.
Encourage your team to share their personal stories that your business can learn from and improve on.
Making it easy for employees to practise effective cyber safety behaviours will shore up your front line of defence against cyber security threats.