5 Positive Ways to Make Your Staff Security-savvy

Markus Melin

Head of Tieto Security Services at Tieto

27.06.2017 12:15 pm

Security is in the daily actions we take. And we all know that when it comes to changing habits, warnings and prohibitions just don’t cut it.

They don’t work because the actions in question are mundane and involve no conscious decision-making. For instance, when registering for a new service, people reuse the same, overly simple password because that is what they have done before.

Instead of bans, you should train your staff and reinforce good practices. As we are entering the less-pressing summertime, what better time than now to try out new positive security practices?

Here are five suggestions for you to consider.

1. Carrot instead of stick - reward safe behaviour

In large enterprises it is common for responsibility for security to be split and divided. While there are organizational reasons for this, we know from social psychology that when a large number of people are involved, individuals slip from responsibility and think that somebody else should take action. We also know from experience that this applies to company cultures.

According to the 2017 Cost of Data Breach Study, the average cost of a security breach is 3.6 million dollars. And as we know, simple tricks like email phishing still work. How can we encourage our staff to take it seriously?

One simple way is to reward your employees for keeping the organisation safe. For example, you could allocate, say, a five- to six-figure sum to the staff’s recreational fund or give an extra Christmas bonus if no staff-related breaches happen.

2. Leverage the positive competitive spirit

You can also take the previous idea one step further by creating a positive competition. It works well when the objective is good and benefits everyone.

You could launch a competition where internal teams compete against each other. The winner is the team that demonstrates the most secure behaviour across the board: it uses a VPN or other secure connectivity methods when working remotely, uses strong passwords for each application, updates all software accordingly, etc. Since security is part of so many processes, you could also ask the teams to be proactive and encourage actions that were not predefined.

Keep the reporting as effortless as possible. A simple way to report could be sending screenshots to an internal communications app to track the efforts of each participating team. The reward could be something fun and supportive, like a half-workday trip to some nice location.

3. Try gamification

Why not add a layer of adventure to security?

You could set up an internal audit round where every employee is asked to find as many phishing emails, messages with malicious links or other loopholes as possible. If you have a capable IT department, they could set it up and create the pseudo-attacks on different corporate channels and platforms.

4. Dedicate time for cybersecurity

Personal security checks should be done ad hoc and every day by everyone. But let’s face it: this just doesn’t happen. Security is truly only as strong as the weakest link.

The best way to improve your organisation’s security level is to dedicate a moment to it for every employee, for example by allocating an hour for cybersecurity every quarter for the whole staff, all at once or team by team.

It could include a session where new updates or information are shared. But the most important thing is that each employee gets 15-30 minutes to talk to your security experts and colleagues about new breach manifestations etc.

5. Listen to your staff

Keep your applications, software and processes as easy to use as possible. If common tools and information are too difficult or complicated to access, your staff will opt for less secure workarounds like using personal email or USB sticks.

So listen to your employees and find out how you could make their daily life easier. It’s worth it: you will benefit from a better security status and increased overall efficiency, and your staff will have one less reason to build the famous Shadow IT.

These are just a few examples that you could use. The basic idea is to turn the security culture into a positive realm. Create an open environment where good cybersecurity practices are discussed and executed by each and every one on a regular basis.

To know how Tieto Security Services can help you manage your online security, please read more.
