Find out what security measures you can take to reduce risk to your business
Estimated reading time is 5 minutes.
Estimated reading time is 5 minutes.
Your employees are a critical part of your cyber safety strategy. Every employee with access to your business data and the internet needs to know how to keep your business safe.
Learn about effective ways to raise employee awareness about their important role in protecting your business.
Cyber safety is everyone’s responsibility. Depending on the size and structure of your business, accountability for cyber safety starts at the top and flows right through your organisation.
To drive the right cyber safety behaviours, employees need to understand why cyber safety is important, what their responsibilities are and what the consequences of an incident may be.
Don’t focus on scare tactics or what your employees can’t do. Talk openly about what they can do to keep your business and customers safe.
Cyber safety guidelines and policies need to be included as part of your Human Resources policies. To protect your business, these policies need to cover:
Building a positive and proactive security culture starts with talking about your cyber safety strategy from day one. Your induction program for new employees should include a conversation, interactive workshop, or online module of learning to help new employees understand:
To grow a proactive cyber security culture, you need to make it easy for your employees to do the right thing.
There are a number of cyber safety awareness initiatives you can offer to grow a proactive security culture – and you don’t need a big budget. Regular, consistent communication is the key to making awareness messages stick – this can be as simple as a monthly email to your team.
Consider inviting interested employees to become cyber security champions as part of their career development. These champions can help drive cyber security awareness initiatives for your employees. A sense of ownership will help build an influential group of cyber safety advocates.
Here are some ideas for raising awareness about cyber safety with employees:
Build an online hub of cyber safety guidelines and tips. Point employees to this hub regularly by running internal cyber safety campaigns. In the interim, have them visit NAB’s Security Hub and Fraud Alerts pages.
Reports of data breaches, hacking and other cyber security events is commonplace in the media these days. Leverage what’s happening in the news to communicate with your team about what happened and how it could have been avoided. Make it as relevant to your team as possible.
Employees need to know where to go to report cyber security threats or incidents. This could be an online form, an email box that is monitored regularly, a specific individual or a telephone number.
If possible, offer an engaging learning and assessment training session or module that employees must complete in the first few weeks of starting and then at least annually.
Train your team about things not related to their work, such as social media privacy settings, device security, children’s online safety. If you people know how to be cyber safe in their personal lives, they will bring those good behaviours to work.
Regularly assess your top cyber safety priorities and run engaging internal marketing campaigns with strong calls to action.
Make sure you have secure flexible working tools and guidelines in place to reduce the risk of employees taking shortcuts that could compromise your business.
Use employee events and communications as opportunities to have conversations about how to protect your business.
Services such as the Australian Cyber Security Centre, provide information on some of the latest threats. Keep up to date and pass on information about current threats in team meetings or emails.
Think about ways to reward employees for demonstrating positive cyber safety behaviours and call examples out openly and often.
Encourage your team to share their personal stories that your business can learn from, and improve on.
Making it easy for employees to practice effective cyber safety behaviours will shore up your front line of defence against cyber security threats.
Australian Government | Australian Cyber Security Centre and Stay Smart Online
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC’s Stay Smart Online provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities, and risky online behaviours.
Australian Government | ReportCyber
ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.
Australian Competition and Consumer Commission | Scamwatch
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
Australian Government | Office of the eSafety Commissioner
The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.
Australian Government | Attorney-General’s Department
The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.
Find out what security measures you can take to reduce risk to your business
Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?
Online threats don’t have to turn into crimes with security controls in place.
Protecting valuable business data from cyber crime is everyone’s business.
You’ll now be redirected from NAB to an external site.
NAB doesn’t accept responsibility for the operation of the website you’re being redirected to.