Good internal communications are essential to the smooth operation of every organisation. Often the responsibility of department heads, particularly those in human resources and marketing, the effective implementation of communication strategies falls to every function of an organisation.
Executive teams and board members are increasingly conscious of cybersecurity and the protection of their businesses. Beyond the investment in appropriate ICT systems, effective protection and associated governance, building awareness of cybersecurity into a company’s security plan is a critical element of any cybersecurity strategy. However, cybersecurity is often relegated to the back of the minds of many employees who assume it will be handled by the IT department. Cybersecurity needs to be placed at the forefront of every section of business operations. Cybersecurity impacts businesses every day, and your frontline staff are your greatest vulnerability.
The most effective way for companies to turn this vulnerability into their greatest asset is by communicating to staff their role in protecting the business. Many staff members are not up to date on the current threats or what they should be looking out for. Additionally, many employees believe that the implications of a cyber intrusion won’t affect them personally and therefore remain unengaged in cyber protection for the business as a whole. In reality, this is hardly the case. One false move by any individual, such as clicking on a spam email attachment or entering credentials into a fake landing page created in a phishing attack, can put the entire company under threat and have far-reaching and disastrous results for every employee, not to mention the impact on that individual themselves.
If you’re serious about protecting your company’s finances, systems, credentials and reputation from attack, a well-informed workforce is your first bastion of defence.
Communication Managers are responsible for driving home the relevance of cybersecurity, and the key to doing this is answering the question ‘what does this mean for me?’ for each employee. By addressing this ‘so what’ factor, employees are given a clear and defined idea of what their role is in protecting the business.
Some practical ways to implement this in your communications plan include:
Hold cybersecurity training as part of all new employee onboarding to ingrain protective measures from the start. Further to this, adding a section on cybersecurity to any policy training or rollouts will provide a framework for dealing with potential threats that may occur as a result of new business procedures.
Most companies utilise internal newsletters to keep people informed with workplace updates. Create a cybersecurity section within these newsletters as a powerful way to flag potential threats or intercepted attacks. It’s a visual medium that captures the attention of employees who are already actively reading the news blasts, and you can use screenshots and credentials to highlight strategies to recognise malicious activity.
Face-to-face interactions are often the most powerful, so use company-wide and general meetings to reiterate the importance of cybersecurity. This can be executed by integrating updates into the agenda of all major meetings. And to ensure it’s not seen as purely an update from IT, ask other members of your team to speak about their experiences and initiatives.
Distributing collateral and displaying posters around the workplace serves as a great visual reminder to employees to be aware of potential cyber threats. Bright imagery and bolded action steps are a powerful way to reinforce security-related messages in internal communication and provide a cohesive outlook on how to combat attacks.
Use your company intranet to keep employees informed about emerging cyber news. Instead of devoting resources to researching news, check in to see whether your security vendor sends cyber news updates. For instance, some of our clients integrate the MailGuard RSS feed into their company intranet for education and ongoing awareness of new threats.
Approaching cybersecurity awareness as a function of your internal controls is essential to reducing the threat of cyber risks, and your company’s response efficiency should also improve if an intrusion does occur. Ultimately, protecting organisations is a collective responsibility and the best way to ensure this is communicated to every employee is to build it into your internal communications plan from the get-go.
Craig McDonald is the CEO and founder of MailGuard, a leading Australian technological innovator providing complete enterprise-grade protection against email and web security threats such as phishing and malware, spyware, viruses and spam.