Anyone on an IT team knows it can be difficult to get cybersecurity messages across to non-IT staff. Your coworkers are nonexperts whose focus is on their own responsibilities — it’s just too easy to tune out security warnings. Even if they do pay attention to your alerts, they may not fully comprehend your instructions.
But to keep the company secure, everyone needs to have a working knowledge of cybersecurity protections and stay vigilant. It’s an uphill challenge: Seven in 10 employees lack the awareness to stop preventable cyber attacks, according to cybersecurity training company MediaPro.
Use these tips to break through to your co-workers, and keep everyone informed and alert.
Identify the Obstacles
To get your message across, it helps to understand what keeps people from taking cybersecurity seriously. Perhaps people in non-technical roles assume that security is IT’s responsibility, rather than something in which everyone has a role. Even when employees are aware that their actions directly impact security, they may see accepting software updates or regularly changing passwords as an inconvenience.
Talk with your coworkers to understand their attitudes toward cybersecurity and their awareness of best practices. Circulating a short, informal survey might be an effective way to get at this information. Once you understand the roadblocks, you can craft your messages to remove them.
Make Internet Security Information Relatable
Explain cyber threats in terms that your coworkers can easily grasp. That means, of course, dropping the jargon and highly technical language that you might use with your IT colleagues. It also means connecting threats to your colleagues’ specific roles. For example, if you’re talking with the human resources team about phishing scams, explain that these attacks can target employees’ Social Security numbers and other sensitive information held in HR’s systems. If you’re talking with accounts payable, highlight schemes that target companies’ bank account numbers to divert funds. When employees understand the direct consequences that security lapses can have, they may be more inclined to follow best practices.
Keep Cybersecurity Training Simple
When you’re preparing training for the company, aim to make it straightforward and engaging. Avoid using presentations with dense copy and complex directives; instead, try videos and interactive tools that people can engage with. Ask someone outside of the IT department to review the materials and tools you develop to be sure the information is easy to grasp.
Incorporating statistics and real-world examples into training can work well. Strive for data and examples related to companies like yours. Also include data points that underscore employees’ contributions to security to emphasize the role each and every person plays in tight company security.
Repeat and Refresh Your Messages
To be effective, cybersecurity awareness needs to be an ongoing effort. Refresh your training yearly to keep pace with evolving threats. Supplement the training with reminders, such as cybersecurity-focused posters placed in breakrooms and meeting areas. Send occasional emails, perhaps with short quizzes that reinforce what employees have learned. Encourage your colleagues to reach out with any questions or concerns they have.
Changing up your messaging can keep employees from tuning it out. Over time, your efforts can help to create and reinforce a culture of cybersecurity awareness. When employees recognize that they are instrumental in keeping your workplace protected, they will also set an example for others.
