(4 min read)
Your employees are your first line of defence against cyber criminals.
Your employees are your first line of defence against cyber criminals. As you know if you’ve been following our content, figures suggest that around 90% of successful cyber attacks are down to human error.
So your employees need to be really engaged with the dangers that cyber criminals pose, and understand how to behave differently to protect your business – and themselves.
And that’s what we do with Psybersafe – our training programme is designed to help your staff build awareness and habits that will protect your business from cyber attack.
It’s easy to make cyber security awareness a ‘chore’. People can feel like they’re being told off for not following all the rules, having a weak password or forgetting to lock their laptops when they go to the loo. In order to up their cyber game, your employees have to want to do it. In psychology, we call this ‘motivation’. And you’ll know this as an employer – when your team is motivated, they are more proactive and productive – the same is true for cyber security awareness.
Motivation is a desire to undertake a specific behaviour towards a goal. We talk of intrinsic and extrinsic motivation: the desire to do something for the enjoyment of the thing itself – intrinsic - or for the goal it achieves or leads to – extrinsic – (Pintric, 2003). But motivation is likely to sit on a spectrum between intrinsic and extrinsic factors (Rigby et al 1992, Murray, 2011). BJ Fogg (e.g. in Tiny Habits, 2020) suggests three sources of motivation: yourself (you want to feel fresh so you have a shower in the morning, for example), a benefit or punishment arising from the behaviour (running will make you feel good afterwards), and the context (at a charity event everyone on your table is putting money in the pot, you could win a prize, you’re having fun).
Motivation is complex and difficult to influence. Motivation alone will not move people to do things. You have to know what to do or how to do it and feel that you can do it, and then actually have the opportunity to do it. And the easier it is, the less motivation you need.
So, how do you motivate your team to pay more attention to the danger of cyberattacks? To start, make things easy and fun (or at least a little bit interesting) for them
- Reward – the carrot is better than the stick. Instead of haranguing people about their passwords, reward people who spot a phishing email, or who report a dodgy-looking link, or an unsafe practice. Perhaps have a monthly award for the person who has either done the most to protect the business, or who reported a threat that could have been particularly nasty. Celebrate this!
- Visibility – if all your employees get in terms of cyber awareness is a monthly email reminding them to be vigilant, you’re probably not doing enough. When you’re in the office, put posters and stickers up on the wall so that your teams have a visual reminder of the importance of looking after your cyber security. For people working remotely, build it into your weekly or morning team meetings and send out a desk reminder that they can have visible at all times. And walk the talk!
- Share great content – there are some really useful cyber awareness blogs out there (we’ve written some of them!) along with hints and tips about working safely from home. There are also some great videos about how easy it is to hack into a company’s IT systems – we have highlighted this one from Hewlett Packard on our social media already. The more people get to see how easy it is for criminals to access your business, the more they are likely to be motivated to think and behave differently. Stories are powerful.
- Look for good practice elsewhere – what are other people in your industry doing? How can you learn from them? Can you join cyber security groups, or perhaps create an employee- run group in your business, tasked with keeping cyber security top of mind?
- Invest in some good training – we would say that, wouldn’t we? But actually, it’s true. Most cyber security training is dull. So there’s no interest to change and therefore no motivation to change, just a motivation to get out of the training as soon as possible. Psybersafe cyber training for employees is run online, so your employees can do it whenever works for them. It’s fun and interactive, so there’s a reason to do it. And, as well as highlighting issues, it’s designed to change behaviours – making a real and measurable difference to your business.
Time to get your employees more engaged? Time to get Psybersafe!
|Mark Brown, is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help to stay cyber secure, contact Mark today.|
Join our newsletter to keep up to date with our training and insightful information regarding our training and protecting you and your employees from cyber attacks.