That’s a question to which we’ve all heard the answer. Any worker can easily find security counsel, guidelines, dos and don’ts, and directions. However, the terminology continues to be unclear, the advice isn’t always applicable to the pressing matters we all confront in our busy professional lives, and it’s not always clear why or how implementing new practices will improve things.

We need to take a new tack. What needs to change is how we listen to and talk to our staff, not that we need more or different counsel. To properly educate our staff on the importance of maintaining the confidentiality of sensitive company or personal information, our training and communication must be:

When something is timely, we ask, “How can I use this to help me in my current work?”
Do I feel like it understands the difficulties I’m facing and the requirements I have?
Are there steps that can be taken to make that happen?
If you want to know if something is pertinent, ask yourself, “Why me?”

Over the past 18 months, we’ve had to adjust in ways we never had before. Due to the necessity of working remotely, many of us have adapted to new hybrid work practices that blend remote and in-office hours. Cyber security has taken a back seat because many of us and our employers have been busy juggling different needs at home and at work and helping people use new digital processes and work from home.

However, cyber attacks remain a threat to us and the businesses we help run. I recently had a conversation with a business owner who fell prey to a phishing scam that preyed on her concerns about becoming a target of cybercrime. It has cost her time and money, both of which will be difficult to recoup. Recent studies have shown that human cyber hazards such as ransomware attacks, stolen laptops, phishing attacks, and CEO fraud are the most typical types of cyber disasters that have occurred so far in 2021. Every single one of us has either experienced a cyberattack firsthand or has been directly affected by one. Every day, we deal with it.

It’s easy to see what this means. Your greatest susceptibility to cyber criminals is actually you and the ways in which you and your staff behave, despite the fact that the risk is real, securing your organization is crucial, and technical solutions are sometimes expensive.

So, what can you do in the United Kingdom during the month of October, which is designated as Cyber Security Awareness Month, that will make a significant impact and usually won’t break the bank?

  • Inquire into the team’s normal, day-to-day worries about safety (at home, on the move, or at work).
  • Building a cooperative security culture requires addressing these concerns. Every member of your staff can play a part in keeping your business safe, and doing so is an essential component of the company’s culture.
    Think about picking a cyberstory each week and discussing it with your group. Every single one of us has either been the victim of an attack or knows someone personally who has. The team would benefit from hearing these tales and discussing them together. They’re a terrific method for people to learn from one another and feel comfortable discussing the warning signals of a cyberattack.
  • Maintain an open-door policy so that staff can ask any questions they have. One of the things your team may worry about is bothering you with a question they deem unimportant or wasting your time. I recently had a conversation with a CEO whose company had lost nearly £500,000 due to CEO fraud. Since then, he has been working hard to change the culture, which had previously discouraged employees from reporting suspicious activity or asking the basic questions that could have prevented the loss.
  • Facilitate the process by which employees can report any questionable emails or messages. Quickly gaining insight about possible attacks is crucial in mitigating the reputational and operational harm that could result from one.
  • Concentrate your efforts on raising security awareness where they will do the most good. Identify the most significant human cyber risks you face and the enabling behaviors that contribute to those risks. Spend more time educating your highest-risk personnel and teams about how to spot and avoid these dangers.

In other words, train your workers just when they need it—when they’re engaging in harmful behavior but don’t realize it.

Your company faces unique human and cyber dangers, which we can help you mitigate.