Your employees are a critical part of your cyber safety strategy. Every employee with access to your business data and the internet needs to know how to keep your business safe.

Learn about effective ways to raise employee awareness about their important role in protecting your business.

Develop a proactive cyber safety culture

Cyber safety is everyone’s responsibility. Depending on the size and structure of your business, accountability for cyber safety starts at the top and flows right through your organisation.

Put clear cyber safety guidelines and policies in place

To drive the right cyber safety behaviours, employees need to understand why cyber safety is important, what their responsibilities are and what the consequences of an incident may be.

Don’t focus on scare tactics or what your employees can’t do. Talk openly about what they can do to keep your business and customers safe.

Cyber safety guidelines and policies need to be included as part of your Human Resources policies. To protect your business, these policies need to cover:

  • secure use of:
    • email and internet
    • every touch point that connects employees to business data and the internet - this includes computers, laptops, personal communication devices such as mobile phones and tablets, remote access software and tokens and applications
    • passwords and access to your business network, systems and applications.
  • working remotely and securely
  • how to protect business data including backups, privacy and a link to your Incident Management Plan
  • what to do if a cyber security incident happens.

Make it easy for your employees to practice cyber safety

Building a positive and proactive security culture starts with talking about your cyber safety strategy from day one. Your induction program for new employees should include a conversation, interactive workshop, or online module of learning to help new employees understand:

  • the cyber safety risks for your business
  • why cyber security threats are a danger to your business
  • what policies and procedures are in place to protect employees and your business from cyber threats
  • where to go to find more information
  • where to report cyber security concerns, threats or incidents.

To grow a proactive cyber security culture, you need to make it easy for your employees to do the right thing.

How to make it easy for employees to do the right thing

There are a number of cyber safety awareness initiatives you can offer to grow a proactive security culture – and you don’t need a big budget. Regular, consistent communication is the key to making awareness messages stick – this can be as simple as a monthly email to your team.

Consider inviting interested employees to become cyber security champions as part of their career development. These champions can help drive cyber security awareness initiatives for your employees. A sense of ownership will help build an influential group of cyber safety advocates.

Here are some ideas for raising awareness about cyber safety with employees:

Provide helpful information and tips

Build an online hub of cyber safety guidelines and tips. Point employees to this hub regularly by running internal cyber safety campaigns. In the interim, have them visit NAB’s Security Hub and Fraud Alerts pages.

Leverage current affairs

Reports of data breaches, hacking and other cyber security events is commonplace in the media these days. Leverage what’s happening in the news to communicate with your team about what happened and how it could have been avoided. Make it as relevant to your team as possible.

Make reporting easy

Employees need to know where to go to report cyber security threats or incidents. This could be an online form, an email box that is monitored regularly, a specific individual or a telephone number.

Make learning compulsory

If possible, offer an engaging learning and assessment training session or module that employees must complete in the first few weeks of starting and then at least annually.

Teach your team to be safe in their personal lives

Train your team about things not related to their work, such as social media privacy settings, device security, children’s online safety. If you people know how to be cyber safe in their personal lives, they will bring those good behaviours to work.

Run engaging employee communication campaigns

Regularly assess your top cyber safety priorities and run engaging internal marketing campaigns with strong calls to action.

Make flexible working securely, easy

Make sure you have secure flexible working tools and guidelines in place to reduce the risk of employees taking shortcuts that could compromise your business.

Have your leaders talk about cyber safety often

Use employee events and communications as opportunities to have conversations about how to protect your business.

Stay up to date with the latest threats

Services such as Stay Smart Online, provide information on some of the latest threats. Keep up to date and pass on information about current threats in team meetings or emails.

Reward and recognise

Think about ways to reward employees for demonstrating positive cyber safety behaviours and call examples out openly and often.

Share stories

Encourage your team to share their personal stories that your business can learn from, and improve on.

Making it easy for employees to practice effective cyber safety behaviours will shore up your front line of defence against cyber security threats.

Helpful resources

Managing cyber security as a business risk

Ensure you are aware of, and managing your cyber safety risks.

Safely storing your data

Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?

How to protect your business from cyber security threats

Cyber threats don’t have to turn into cyber incidents with security controls in place.

Understanding the value of your business data

Protecting valuable business data from cyber crime is everyone’s business.

Cyber Safety

Stay informed

Report a suspicious NAB message