he recent data breach suffered by telecommunications company Optus in Australia has thrown the issue of cyber security back into harsh light for many businesses.

With such a huge amount of sensitive data stolen and ransomed, many are left pointing fingers and wondering how such an event could have been allowed to happen.

In the digital world of today, every business holds data that can be devastating to lose to a hacker, whether that business deals directly with customers or not. 

The reality is, every employee in your business needs to be wholly committed to cyber security. Even one small slip up can have terrifying consequences.

Yet few people jump for joy at the words “cyber security”. Too often, it’s associated with boredom, frustration and jumping through administrative hoops. Unfortunately, these feelings can lead to complacency. 

So, how can you instil a sense of responsibility for the cyber security of the company in your staff? By building a security culture.

What is security culture?

Security culture encompasses the ideas and behaviors of a group of people that impacts the level of security risk within an organisation. 

A strong security culture in your company will encourage implementation of cyber security best practice as a community effort.

Without nurturing a security culture, companies are leaving themselves open to immense risk. Though employees might be well intentioned, security breaches caused by employees are unfortunately common. 

With greater awareness of cyber security and training around what constitutes secure modes of transferring private information, your company can reduce the risk of these incidents occurring.

‍

How to build a security culture through cyber security employee training

 1. Go mythbusters on those cyber security myths

Often, conversation around cyber security strays too far towards typical Hollywood perceptions where online security breaches are caused by a lone hacker far, far away.

Building awareness around the reality of cyber security is an essential first step to creating a security culture.

Consider how you can communicate these myth busting truths about security in an engaging way to employees, because people need to know that:

• Cyber security isn’t a technology-only problem. Improving protection means every single user employing security best practice as much as possible. Technology is only as good as the people using it.
• Cyber security isn’t just about credit card fraud. While stealing credit card information is a real threat without appropriate measures, there’s far more on the line. Cyber crime often involves the theft of personal identifying information or confidential business information that can be sold to competitors, spam callers, blackmailers or identity theifs.
• Software won’t protect you completely. Though it’s useful to a certain extent, no software can create an impenetrable defense against hackers.
• Cyber criminals don’t just target large corporations, they’re after small businesses too.
• You might think you don’t have anything worth stealing, but you do! Even if your data isn’t particularly valuable, malicious individuals may target vulnerable computer networks for storing contraband materials, or for use in attacks on other sites.

2. Explain legitimate and relevant examples of how it can go wrong

An understanding of how pressing a cyber security issue is will encourage shared responsibility. 

As part of cyber security training, it’s crucial to use examples relevant to your market. Use case studies and scenarios that employees in your specific industry can understand. 

For example, healthcare professionals will need knowledge of safe ways to handle private patient information. In other instances, employees will need to learn what is and isn’t safe to send via email, as well as appropriate responses to a suspected cyber attack. 

3. Equip your staff with the tools and know how

With an awareness of cyber crime, your employees need the tools and know-how to put security into action. Effective ways of equipping staff include:

• Online courses. The benefits of flexible access means all employees can upskill anytime and anywhere. This also reduces the interruption to a work week that a longer seminar might cause. Check out HowToo's Cyber Security course, available for purchase off the shelf, or free in any HowToo Growth plan.
• Training programs and seminars. Face-to-face training methods can allow learners to raise questions and discuss issues and opinions with others.
• Assign a go-to person for all questions. If your employees aren’t sure who they can ask for clarification on a cyber security principle or process, they may rely on their own (potentially flawed) judgment on how to proceed.

4. Hold everyone equally responsible.

There’s no quicker way to crush a safety culture than by having leaders who ignore or reject it. Before you begin to roll out your safety training and culture, ensure every leader in your business is fully onboard and committed to the cause.

Once implemented, ensure there is consistency. Safety breaches by a leader - even the CEO - should be dealt with the same way as if it were an intern. Unfair treatment will quickly lead to disillusionment and rejection in your staff.

Changing a culture takes work

Cultures aren’t built in a day. Creating responsibility and commitment to cyber security in your team members will take time and ongoing effort. The payoff is well worth it as you minimize risks and protect your company from devastating cyber attacks.