5 Positive Ways to Make Your Staff Security-savvy

Markus Melin

Head of Tieto Security Services at Tieto

27.06.2017 12:15 pm

Security is in the daily actions we take. And we all know that when it comes to changing habits, warnings and prohibitions just don’t cut it.

They don’t work because the actions in question are mundane and lack conscious decision-making. For instance, when registering for a new service, people reuse the same overly simple password because that is what they have done before.

Instead of bans, you should train your staff and reinforce good practices. As we are entering the less-pressing summertime, what better time than now to try out new positive security practices?

Here are five suggestions for you to consider.

1. Carrot instead of stick - reward safe behaviour

In large enterprises it is common for responsibility for security to be divided. While there are organizational reasons for this, we know from social psychology that when a large number of people are involved, individuals slip from responsibility and think that somebody else should take action. We also know from experience that this applies to company cultures.

According to the 2017 Cost of Data Breach Study, the average cost of a security breach is 3.6 million dollars. And as we know, simple tricks like email phishing still work. How can we encourage our staff to take it seriously?

One simple way is to reward your employees for keeping the organisation safe. For example, you could allocate, say, a five- to six-figure sum to the staff’s recreational fund or give an extra Christmas bonus if no staff-related breaches happen.

2. Leverage the positive competitive spirit

You can also take the former one step further by creating a positive competition. It works well when the objective is good and benefits everyone.

You could launch a competition where internal teams compete against each other. The winner is the team that demonstrates the most secure behaviour across the field: it uses VPN or other secure connectivity methods when working remotely, it uses strong passwords for each application, it updates all software accordingly, and so on. Since security is part of so many processes, you could also ask the teams to be proactive and encourage actions that were not predefined.

Keep the reporting as effortless as possible. A simple way to report could be sending screenshots to an internal communications app to track the efforts of each participating team. The reward could be something fun and supportive, like a half-workday trip to some nice location.

3. Try gamification

Why not add a layer of adventure to security?

You could set up an internal audit round where every employee is asked to find as many phishing emails, messages with malicious links or other loopholes as possible. If you have a capable IT department, they could set it up and create the pseudo-attacks on different corporate channels and platforms.

4. Dedicate time for cybersecurity

Personal security checks should be done ad hoc and every day by everyone. But let’s face it: this just doesn’t happen. Security is truly as strong as the weakest link.

The best way to improve your organisation’s security level is to dedicate a moment to it for every employee, for example by allocating an hour for cybersecurity every quarter for the whole staff, all at once or team by team.

It could include a session where new updates or information are shared. But the most important thing is that each employee gets 15-30 minutes to talk to your security experts and colleagues about new breach manifestations etc.

5. Listen to your staff

Keep your applications, software and processes as easy to use as possible. If common tools and information are too difficult or complicated to access, your staff will opt for less secure workarounds like using personal email or USB sticks.

So listen to your employees and find out how you could make their daily life easier. It’s worth it: you will benefit from better security status and increased overall efficiency, and your staff will have one less reason to build the famous Shadow IT.

These are just a few examples that you could use. The basic idea is to turn the security culture into a positive realm. Create an open environment where good cybersecurity practices are discussed and executed by each and every one on a regular basis.

To know how Tieto Security Services can help you manage your online security, please read more.
