Your employees are a critical part of your cyber safety strategy. Every employee with access to your business data and the internet needs to know how to keep your business safe.

Learn about effective ways to raise employee awareness about their important role in protecting your business.

Develop a proactive cyber safety culture

Cyber safety is everyone’s responsibility. Depending on the size and structure of your business, accountability for cyber safety starts at the top and flows right through your organisation.

Put clear cyber safety guidelines and policies in place

To drive the right cyber safety behaviours, employees need to understand why cyber safety is important, what their responsibilities are and what the consequences of an incident may be.

Don’t focus on scare tactics or what your employees can’t do. Talk openly about what they can do to keep your business and customers safe.

Cyber safety guidelines and policies need to be included as part of your Human Resources policies. To protect your business, these policies need to cover: 

  • secure use of:
    • email and internet
    • every touch point that connects employees to business data and the internet - this includes computers, laptops, personal communication devices such as mobile phones and tablets, remote access software and tokens and applications
    • passwords and access to your business network, systems and applications. 
  • working remotely and securely
  • how to protect business data including backups, privacy and a link to your Incident Management Plan
  • what to do if a cyber security incident happens. 

Make it easy for your employees to practice cyber safety

Building a positive and proactive security culture starts with talking about your cyber safety strategy from day one. Your induction program for new employees should include a conversation, interactive workshop, or online module of learning to help new employees understand:

  • the cyber safety risks for your business
  • why cyber security threats are a danger to your business
  • what policies and procedures are in place to protect employees and your business from cyber threats
  • where to go to find more information
  • where to report cyber security concerns, threats or incidents.

To grow a proactive cyber security culture, you need to make it easy for your employees to do the right thing.

How to make it easy for employees to do the right thing

There are a number of cyber safety awareness initiatives you can offer to grow a proactive security culture – and you don’t need a big budget. Regular, consistent communication is the key to making awareness messages stick – this can be as simple as a monthly email to your team.

Consider inviting interested employees to become cyber security champions as part of their career development. These champions can help drive cyber security awareness initiatives for your employees. A sense of ownership will help build an influential group of cyber safety advocates.

Here are some ideas for raising awareness about cyber safety with employees:

Provide helpful information and tips

Build an online hub of cyber safety guidelines and tips. Point employees to this hub regularly by running internal cyber safety campaigns. In the interim, have them visit NAB’s Security Hub and Fraud Alerts pages.

Leverage current affairs

Reports of data breaches, hacking and other cyber security events is commonplace in the media these days. Leverage what’s happening in the news to communicate with your team about what happened and how it could have been avoided. Make it as relevant to your team as possible.

Make reporting easy

Employees need to know where to go to report cyber security threats or incidents. This could be an online form, an email box that is monitored regularly, a specific individual or a telephone number.

Make learning compulsory

If possible, offer an engaging learning and assessment training session or module that employees must complete in the first few weeks of starting and then at least annually.

Teach your team to be safe in their personal lives

Train your team about things not related to their work, such as social media privacy settings, device security, children’s online safety. If you people know how to be cyber safe in their personal lives, they will bring those good behaviours to work.

Run engaging employee communication campaigns

Regularly assess your top cyber safety priorities and run engaging internal marketing campaigns with strong calls to action.

Make flexible working securely, easy

Make sure you have secure flexible working tools and guidelines in place to reduce the risk of employees taking shortcuts that could compromise your business.

Have your leaders talk about cyber safety often

Use employee events and communications as opportunities to have conversations about how to protect your business.

Stay up to date with the latest threats

Services such as the Australian Cyber Security Centre, opens in new window, provide information on some of the latest threats. Keep up to date and pass on information about current threats in team meetings or emails.

Reward and recognise

Think about ways to reward employees for demonstrating positive cyber safety behaviours and call examples out openly and often.

Share stories

Encourage your team to share their personal stories that your business can learn from, and improve on.

Making it easy for employees to practice effective cyber safety behaviours will shore up your front line of defence against cyber security threats. 

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts


IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE, opens in new window

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre, opens in new window

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber, opens in new window

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch, opens in new window

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Learn more about the Office of the eSafety Commissioner, opens in new window

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department, opens in new window

Related articles

Important information