88% of data breaches are caused by human error
– Stanford University
Despite advances in technology, when it comes to security we humans can still be the weakest link in the chain. Falling for a phishing email, clicking a dodgy link, leaving a computer unlocked or leaving sensitive documents lying around: everyday employee actions create risk that no product on its own removes. It is crucial to invest in employee security awareness, not just technical controls. Here are six ideas to strengthen your weakest link.
1. Minimise exposure
Keeping work inside Microsoft 365 reduces exposure because data stays within one tenant where policy can actually be applied to it. With Microsoft Purview you can classify sensitive data, enforce retention and governance rules, and use data loss prevention (DLP) policies to stop that data leaving the organisation by mistake. Every external app or service a team adopts outside M365 is another place sensitive information can sit beyond the reach of those policies, so limiting their use also makes compliance far easier to demonstrate.
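As an added example, not from the original article: the PowerShell below creates a Purview DLP policy in simulation mode first, so the people it affects see policy tips without being blocked while the rules are tuned, and only then switches it to enforcement. It assumes the ExchangeOnlineManagement module is installed, the signed-in account holds a compliance admin role, and the policy and rule names are hypothetical; the sensitive information type names are Microsoft's built-in ones.

```powershell
# Added example (not the article's own code). Assumes:
#   - ExchangeOnlineManagement module installed
#   - an account with the Compliance Administrator role
#   - policy/rule names below are hypothetical
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell, interactive sign-in

$policyName = 'Protect-PII-Outbound'   # hypothetical name

# 1. Policy scope: mail, SharePoint and OneDrive across the whole tenant.
#    TestWithNotifications = simulation mode: users see policy tips and
#    admins see matches, but nothing is blocked yet. Tune the rule on real
#    traffic before it starts interrupting work.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Flag, then block, outbound content containing payment card or TFN data' `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# 2. Rule: match built-in sensitive information types, but only when the
#    content is shared outside the organisation, so internal collaboration
#    is not affected. Notify the owner and last editor, and send an
#    incident report to site admins for follow-up.
New-DlpComplianceRule -Name "$policyName-External" `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @(
        @{ Name = 'Credit Card Number';        minCount = '1' },
        @{ Name = 'Australia Tax File Number'; minCount = '1' }
    ) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent Title, DocumentAuthor, Severity, Detections

# 3. Review the simulation matches (Purview portal > Data loss prevention >
#    Activity explorer) for a week or two. When false positives are handled,
#    switch the policy to enforcement: the same rule now blocks the share.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Starting in simulation mode matters for the human side of security as much as the technical side: a DLP rule that blocks legitimate work on day one trains people to route around it, which is exactly the external-app sprawl the policy is meant to prevent.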
2. Leverage Communication Channels for Awareness
Using a variety of communication channels, such as a SharePoint intranet, helps get security information in front of people, raise awareness and reinforce good practice. Regularly updating the intranet with relevant security alerts, incident reports, training materials and tips keeps security top-of-mind.
3. Remind People of Risks
We all need a little nudge now and then. By leveraging your intranet to push out timely alerts and updates on emerging threats, employees can stay informed about the evolving cybersecurity landscape and take necessary precautions. Use a variety of channels and media to make sure everyone gets the message: infographics, pop-up notifications, quizzes, videos and digital screens in communal areas.
4. Flag Incidents and Stay Sharp
Encouraging people to speak up about security slip-ups or close calls is crucial. Clear, blame-free ways to report incidents make it easy for employees to flag anything suspicious, and a quick report of a real phishing email is often the earliest warning you will get. One Sydney private school recently received complaints when it directed a test phishing campaign at teachers during peak marking time, when everyone was stressed and tired. “Hackers aren’t stupid. They know school timetables. They won’t wait until we’re ready,” said their unapologetic CIO. Whatever the timing, treat a simulation as a measure of how many people report the email and how fast, not just how many click it.
5. Make Training Fun
Nobody likes boring training sessions! Interactive training modules, quizzes and video resources make learning engaging and accessible for people across different departments and locations. Short, bite-sized videos or chat messages with a tip of the day will often land better than a 30-minute training session. Why not stage a few “incidents” where strangers try to tailgate through a security door, and reward staff on the spot when they challenge them? Then share it on the intranet, of course!
6. Share Tips and Tricks
Arming employees with practical tips and strategies is a game-changer. Short “Do’s and Don’ts” lists covering password management, social engineering awareness, device security and physical access controls help everyone make smarter choices that boost overall security. It is also worth acknowledging that measures like MFA do act as roadblocks and cause inconvenience, and highlighting the efforts being made to minimise that friction.
While technology plays a crucial role in securing organisational assets, it is imperative not to overlook the human element in the security equation.
Cultivating a culture of security consciousness among employees is not just best practice; it is a strategic imperative. By investing in employee education, engagement, and empowerment, we can effectively mitigate risks and build a resilient defence against cyber threats.