Data security is of course critically important, but organizations are challenged to stay abreast of the risks that could make them vulnerable to attack. Employees are seen as being the last line of defense, yet employees, distracted by work duties, are notoriously prone to ignoring or not following through on the security best practices companies recommend.
In their quest to create a strong security culture to protect company, customers, data and devices, organizations are continually looking for ways to capture employee attention and drive compliance with security-minded behaviors.
An appeal to their self-interest could be a great starting point.
Employees Face Security Risks Too
Companies aren’t alone in their vulnerability to security risks. Employees are vulnerable too, and they’re well familiar with horror stories concerning people who have had their identities stolen, devices hacked, and information leaked or put at risk.
Helping employees help themselves can be a smart way to raise awareness while at the same time protecting company assets. A number of activities employees engage with in their personal lives can put them at risk—from gaming and legalized sports betting, to freely sharing their life details on social media, to shopping online and more.
Insider Intelligence estimates that more than half of the US population are digital gamers with mobile gaming being the largest segment at 48%. It’s a trend that’s only expected to grow. These numbers are even higher among younger audiences with Deloitte indicating that gaming is a favorite activity of Gen Z, not only in the US, but also in the UK, Germany, Brazil, and Japan. Gamers are subject to risks ranging from malware viruses, to identity theft and endless text and email phishing attacks.
Social media hacks are widespread and well known. Most employees have likely received a Facebook invitation from someone they’re already connected to—a telltale sign of a potential hack. Many have unfortunately accepted these phishing invitations, helping to spread the virus to their own contacts.
These personal situations can hit home for employees and serve as an opportunity for opening up conversations about data security, not just in the workplace, but in their personal lives as well.
Making it About Them
Instead of having a singular focus on how employees can help protect company data and devices, consider offering coaching and training sessions on how employees can protect their own data and devices. These lessons, when framed from a personal point of view, can have more immediacy and impact.
- Just like company data, employee personal data such as Social Security numbers, banking and medical information can be at risk. Educating employees about protecting their data raises awareness of these risks overall.
- Cybercriminals often use company account data and credentials to gain access to systems. Emphasize the risk that employees face here and educate them on ways to keep their personal data secure—both at work and at home.
- Share stories and examples that are real and meaningful. Media reports about security breaches and risks are ongoing. When these reports hit close to home—a well-known company, or local individual for example—share these stories with employees.
- Invite employees to share their own security breach experiences to help enlighten others. We humans have a tendency to feel that bad things only happen to other people—not to us. (A cognitive trait known as optimism bias.)
When these risks seem far removed from their own personal experiences, they’re easy to ignore. But when employees share horror stories about how they’ve had their devices or data breached, those influential stories can drive adoption of security behavior.
The more you can drive home the impact of personal risk, the more likely employees will be attuned to the risks that face the organization. That’s especially pertinent now that so many work remotely, part time or full time.
Protecting Employees at Home
As employees come to appreciate the real and immediate risk of data security not only to their company but to their own private data, they’ll be more attuned to any training that is offered. They’ll also be more receptive to following security best practices and using tools that can safeguard their home office and by extension, the organization.
By Ani Banerjee, Chief Human Resources Officer for KnowBe4
About the Author
Ani Banerjee is Chief Human Resources Officer for KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform used by more than 56,000 organizations. Banerjee oversees HR operations across 11 countries, and is responsible for developing new initiatives to enhance the company’s organizational culture, recruitment channels, and diversity, inclusion, and equity (DIE) strategies. He has 30 years’ experience in global HR leadership roles working for VMware, Dell, Yahoo, and AOL.