Network security, web security, and general IT security should be as big a priority for internal communications professionals as for the IT team.
Digital workplaces have connected us in more ways than ever, so it’s easy to understand why cybersecurity is important. Proper training (and communication) is now a must for any company, big and small. If you want to get the message across to your workforce about how to stay vigilant in the face of a potential cyber attack, don’t do what most internal communicators do, which is to rely solely on email blasts.
Employees get an average of 90 work emails a day, and you don’t want vital messages about IT security and cybersecurity to be buried in their inboxes.
Instead, here are ten tips on how to communicate the importance of cybersecurity to employees to make sure they follow through and stay safe against network threats.
Ten Tips to Communicate Web Security to Your Employees
Tip #1: Start communicating why cybersecurity is important during onboarding.
Preventing a cyber attack should be an integral part of your company culture. And new employees start learning about company culture the minute they start the onboarding process. This makes onboarding an ideal time to include a three-part strategy:
- A general introduction of the cybersecurity policies of the company,
- An interactive, practical training that covers basic security threats like phishing and email scams.
- Information about employee access to sensitive data (and the implication of losing such data).
Don’t leave employees guessing about company policies regarding technology, such as whether they can use their own smartphones or how to report phishing emails.
Cybersecurity awareness is critical to a new employee’s success. Make it easy for them to find reference documents on your workforce communications platform, so they don’t need to search for the information across company drives or an outdated intranet.
Tip #2: Use powerful analogies when communicating about network security (and be creative in your internal campaigns).
Stories and analogies can have a great impact on engagement. Analogies reveal connections, spark innovation, and sell our greatest ideas. Here’s a case study on an inventive way to teach employees about phishing emails.
Tip #3: Have an IT security crisis communication plan.
Unfortunately, cyber attacks are commonplace—everything from malware to data breaches happen every day to companies of all sizes. You won’t know what it is until it happens, which is why you want to prepare in advance.
In any crisis, proper communication is key to keeping people calm, organized, and safe. Crisis communications are the steps taken by a company’s internal communications team to disseminate information to the people affected. How you handle a crisis will have a big impact on your employees and your company. Here are three steps on how to develop a crisis response for network security and cybersecurity.
Tip #4: Create a single source of truth for all your web security planning.
A dedicated IT channel on a workforce communications platform provides employees with a place to access information directly and resolve their issues independently. Also, it can help you streamline onboarding, create engaging tutorials, and store critical IT information.
For network security, this may include:
- Share “how-to” resources (such as how to identify a phishing email or who to contact if you think you have a computer virus).
- Manage and publish important IT documents, thereby establishing a single source of truth on specific IT resolution channels that workers can search and access with ease.
- Educate employees on best practices and tips on cybersecurity, malware, ransomware, etc.
- Update and refresh documents easily, so the most up-to-date information is always readily available.
A workforce communications platform with smart searching capabilities also offers employees a way to find materials much more easily than on an intranet.
Tip #3: Perform practical cybersecurity training exercises.
If you want employees to care about cybersecurity” try “live fire” training instead of just talking about what might happen. For example, you can simulate a situation where an employee becomes the victim of an attack that’s actually orchestrated by your IT department or an outside vendor. Afterward, you can explore what lessons they learned, the implications of such an attack on the company and their personal lives, and how such attacks can be prevented.
Tip #4: Talk to the employee immediately if a cyber attack or security incident occurs.
Let’s say one of your employees, through ignorance or by mistake, experiences a cyber attack on his or her work computer. As you take steps to correct the situation, also consider educating the employee in the moment. This can be a powerful strategy rather than waiting for a general meeting, or talking to the employee weeks after the event has occurred.
Tip #5: Use multiple communication techniques.
Combine recurring information using unique delivery methods. Your communication methods can include the following.
- e-learning training,
- simulated cybersecurity threats,
- simulated physical social engineering drills to test in-office security,
- email updates, and
- lunch-and-learns with your IT team.
Tip #6: Adapt your messaging according to the preferences and styles of your audience.
Some messaging about cybersecurity can be general. In some cases, however, personalized or customized content can be highly impactful.
Get to know the needs, preferences, and communication styles of the audience you’re attempting to reach. Remember different departments have different ways of leveraging and interacting with technology, and they may be exposed to varying levels of cybersecurity risk. (For example, your software developers are more likely than your AR clerk to need reminders regarding cloud storage security.)
Tip #7: Connect office security to home security.
If you can provide relevant solutions that will help employees to mitigate their cybersecurity risks at home, it would be a great way to boost the relevance and awareness of the message. They’ll understand that learning more about network security at work will help with their personal lives, which will make it more relevant to their daily lives.
Tip #8: Highlight the positive cybersecurity behaviors of top executives.
Ask company leaders to model positive cybersecurity behaviors. Getting executives involved is not only a practical concern, but it also helps spread the message throughout the company about why cybersecurity is important. Encourage executives to share how they maintain a security-conscious mindset. This type of executive communications is best when it’s authentic and personal, such as a video.
Learn more about how Extreme Networks leveraged video to create authentic communications to create a strong company culture after three mergers and acquisitions nearly tripled their employee count.
Tip #9: Involve communication experts.
The top communication experts in your company may not be part of your IT team. Enlist such people to communicate that network security, web security, and IT security are paramount at your company. You can partner with the HR, internal communications, and marketing departments to add creativity to your message.
Tip #10: Celebrate and communicate your cybersecurity successes.
High profile news about recent cybersecurity attacks on big companies makes people assume that data breaches are inevitable and efforts to prevent them are not effective. Your IT team needs to use any available stories to prove that such attacks are frequently thwarted.
For example, if an employee fails to take the bait in a phishing email and instead does the right thing and reports the attempted attack, or your team is able to overcome a ransomware attempt with a segregated backup copy, share the success. Sharing and celebrating employee successes should be part of your communications strategy.
Need more advice on how IT can communicate to the rest of the organization? Read our latest eBook, Digital Transformation for CIOs: 7 Steps to Success.