You can’t lean on mandatory trainings alone
It doesn’t matter how engaging your mandatory cyber security trainings are. If your team members view them as nothing more than a box needing a checkmark, the content might not stick.
The key to employee buy-in (let’s face it: it’s also key to executive buy-in) is to make cyber security part of your corporate culture.
As we were preparing to present a seminar on building a culture of security awareness to the El Paso Hispanic Chamber of Commerce this month, we honed in on some solid principles you can use to build a culture of cyber security.
Make the connection personal
CEOs and other high-level leaders are among the most vulnerable to cyber attack, not only because they have the most to lose in a phishing or ransomware attack, but because they are attacked most often. So a culture of security awareness has to start at the executive level.
But both exec and employee buy-in really hinge on whether each person feels like they have skin in the game. Try to start conversations (outside of regular trainings) about how cyber security affects individuals at home and on their private devices.
If each of your team members feels like security impacts them on a personal level, your cultural language (jargon) will shift. Data-mining and hacking are two realities you can bring up to help foster conversations and build an emotional connection to cyber security awareness.
Make a culture of cyber security fun
Culture forms naturally when enjoyment is shared. So try to make employees feel good about learning safe internet and email practices! Some strategies you can try are:
- Give public compliments. If an employee calls attention to a suspicious email or goes the extra mile to verify an attachment’s authenticity, mention it.
- Start some healthy competition. Analytics from your trainings or phishing email simulator should give you an idea of who is “getting” the info. Consider having a monthly prize for the team member or group that makes the most progress.
A culture of cyber security blends emotion and fun
When cyber security principles are connected to emotion, fun, or recognition, they become part of your corporate jargon. And jargon is an essential part of a corporate culture.
Varay can help you create that jargon with engaging cyber security solutions, trainings, and phishing simulations.
Contact us today to set up a free visit to determine your IT score and find the best way to create a corporate culture of cyber security for your organization.