We’re focused on…
Why cybersecurity awareness initiatives shouldn’t just support safe practices at work. They should help employees understand security in a holistic manner – to establish safe practices everywhere.
Why?
We interviewed Stephen Bennett (Global CISO at Domino’s), and he said:
“Our aim is to make the information as relatable as it can be, drawing parallels between safe practices at home and at work since good habits seamlessly transition between the two.”
He was talking about supporting his organisation’s very high number of employees in establishing and maintaining good security practices. And this is an important point that’s not often made:
Someone who understands cybersecurity risks, and the management strategies to mitigate them, will practise those strategies everywhere – not just at work.
And if you understand this, you can make your employees care about security
Because you can frame it in a way they can connect with easily. You can teach them how to protect the security of things they truly care about (their home, their family, their personal identity) – and then translate that understanding into the protection of data assets at work.
We know we talk about storytelling a lot. But that’s because we know how powerful it is. And when you’re able to put your team members right at the heart of your security awareness story – so they’re the main character – you’re so much more likely to get them engaged and motivated to play their part in protecting your organisation’s security.
Habits are habits
As Bennett said, good habits seamlessly transition between home and work. So supporting the development of good habits at home can make a security mindset second nature to your employees. They won’t have to try too hard to adopt best practices – because those best practices will be part of their daily life.
Good habits at home might look like…
Creating strong passwords and changing them regularly
Setting up multi-factor authentication wherever possible
Thinking twice before clicking on links or attachments in emails and messages
Verifying the identity of anyone requesting private information
Keeping an eye on physical belongings in public; protecting high-value goods; and always locking smartphones and computers before taking a break away from your desk
Keeping connected devices and browsers up-to-date, so you’re never behind on software patches
Backing up important files in a different, secure location so they can’t be lost
Deleting any sensitive data if you don’t have a reason to keep hold of it
All really simple habits – we know, and we know you know. And yet if every single person in an organisation practises security measures like this on auto-pilot, the organisation is far more secure as a result.
How do you encourage your team to adopt these habits?
The answer is not to encourage, but to empower instead. And that starts with knowing what they’re protecting and why they’re protecting it; and then understanding how each simple habit works to establish and maintain that protection.
Do this through the power of story. The employee is the main character, and the data they care about most (the data that could have the biggest impact on their lives) is under threat. But as the main character, they have the potential to change that – by adopting excellent security hygiene and consistent best practices.
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!