Having up-to-date data breach protection and prevention technology is important to ensuring your company data is secure. However, your employees may play a bigger role in cybersecurity than you think. In fact, according to The 2017 State of SMB Cybersecurity report from Keeper Security and the Ponemon Institute, employee negligence was the number one cause of data breaches at small and medium-sized businesses (SMBs) across North America and the UK, with a reported 54 percent of cybersecurity incidents having been caused by careless workers.
How can managers better engage employees to implement best practices when it comes to data security? A positive approach has been found to be most effective, and here are three ways to start:
1. Engage employees by motivating them to care
People are more likely to jump on board when they feel engaged and encouraged. Start by communicating security messages in a way that’s relatable, and be sure to provide actionable steps that employees can take to protect information and respond to threats—this will help increase employee interest.
Rewards are a great way to incentivize good behavior and engagement across the team. Physical rewards such as money or gift cards, or even recognition, will often do the trick. And there’s nothing quite as motivating as a bit of competition. Gamification, or adding some elements of game-playing into the mix, is a sure way to increase participation. Try turning information security practices into a competition, and track performance on a leaderboard. This way, not only are you actively engaging employees in following security procedures, but they are learning while they participate.
2. Instead of demands, offer choices
Make your employees feel like they are part of the solution—not the problem. Frame conversations around partnership to convey that employees are truly needed to keep the company’s information secure. Rather than saying “you must adopt this security measure,” provide your employees with multiple strategies to keep information safe, and allow them to choose which one they feel most comfortable with.
This strategy also works well when it comes to setting passwords. According to OpenVPN’s 2018 Cyber Hygiene study, approximately a quarter of employees use the same password for all their accounts. Naturally, this poses quite a security risk. Encourage your employees to use different passwords by providing them with helpful strategies that make those passwords easier to remember. Alternatively, provide them with suggestions on different password management tools they can use. Provide a number of pathways to achieve the same goal of having strong, unique passwords used within your company. There is no one way that will work for everyone.
Additionally, providing regular training throughout the year will help employees feel more confident and capable when making day-to-day decisions that may impact the organization’s security. Experiential training with real-world simulations has proven to be highly effective, as it allows employees to build their knowledge base and ability to make choices in the moment.
3. The end goal is security, not perfection
While many companies have historically used fear tactics or deterrent strategies to discourage risky behaviors, a positive approach is more effective in achieving your company’s security goals. Find out what motivates your employees and align your security messages with those motivations. This can sometimes help transform employees from your greatest concern into some of your best partners in keeping your company’s data secure.
It’s important to remember that when it comes to your company’s security, it’s truly a team effort, and at the end of the day we could all do better. For this reason, it’s essential that if your employees do make mistakes—which they inevitably will—they feel comfortable reporting them immediately without the fear of being reprimanded. This will ultimately bring the company closer to its goal of lowering the risk of exposure on all fronts.