5 Positive Ways to Make Your Staff Security-savvy


Markus Melin

Head of Tieto Security Services at Tieto

27.06.2017 12:15 pm

Security is in the daily actions we take. And we all know that when it comes to changing habits, warnings and prohibitions just don’t cut it.

They don’t work because the actions in question are mundane and involve no conscious decision-making. For instance, when registering for a new service, people reuse the same overly simple password because that is what they have always done.

Instead of imposing bans, you should train your staff and reinforce good practices. As we enter the less hectic summertime, what better time than now to try out new positive security practices?

Here are five suggestions for you to consider.

1. Carrot instead of stick - reward safe behaviour

In large enterprises it is common for responsibility for security to be split and divided. While there are organizational reasons for this, we know from social psychology that when a large number of people are involved, individuals slip from responsibility and think that somebody else should take action. We also know from experience that this applies to company cultures.

According to the 2017 Cost of Data Breach Study, the average cost of a security breach is 3.6 million dollars. And as we know, simple tricks like email phishing still work. How can we encourage our staff to take it seriously?

One simple way is to reward your employees for keeping the organisation safe. For example, you could allocate, say, a five- to six-figure sum to the staff’s recreational fund or give an extra Christmas bonus if no staff-related breaches happen.

2. Leverage the positive competitive spirit

You can also take the previous idea one step further by creating a positive competition. It works well when the objective is good and benefits everyone.

You could launch a competition where internal teams compete against each other. The winner is the team that demonstrates the most secure behaviour across the board: it uses a VPN or other secure connectivity methods when working remotely, uses strong passwords for each application, keeps all software updated, and so on. Since security is part of so many processes, you could also ask the teams to be proactive and encourage actions that were not predefined.

Keep the reporting as effortless as possible. A simple way to report could be sending screenshots to an internal communications app to track the efforts of each participating team. The reward could be something fun and supportive, like a half-workday trip to some nice location.

3. Try gamification

Why not add a layer of adventure to security?

You could set up an internal audit round where every employee is asked to find as many phishing emails, messages with malicious links or other loopholes as possible. If you have a capable IT department, they could set it up and create the pseudo-attacks on different corporate channels and platforms.

4. Dedicate time for cybersecurity

Personal security checks should be done ad hoc and every day by everyone. But let’s face it: this just doesn’t happen. Security is truly only as strong as the weakest link.

The best way to improve your organisation’s security level is to dedicate time to it for every employee, for example by allocating an hour for cybersecurity every quarter for the whole staff, all at once or team by team.

It could include a session where new updates or information are shared. But the most important thing is that each employee gets 15-30 minutes to talk to your security experts and colleagues about new breach manifestations and similar topics.

5. Listen to your staff

Keep your applications, software and processes as easy to use as possible. If common tools and information are too difficult or complicated to access, your staff will opt for less secure workarounds like using personal email or USB sticks.

So listen to your employees and find out how you could make their daily life easier. It’s worth it: you will benefit from a better security status and increased overall efficiency, and your staff will have one less reason to build the famous Shadow IT.

These are just a few examples that you could use. The basic idea is to turn the security culture into a positive realm. Create an open environment where good cybersecurity practices are discussed and executed by each and every one on a regular basis.
