In business, every time we learn of a data breach from another company, we probably give a sigh of relief and say to ourselves, ‘There by the grace of God go I”. We often hear from cyber security experts that it’s not a question of if your organisation gets hacked it’s when. Beyond installing firewalls and protection software, what else can business owners and managers do to protect themselves from hackers and those ever-so-sophisticated phishing emails. Our recommendation is to focus on increasing your levels of employee engagement.

There are 7 layers of IT security to pay attention to:

• Layer 1 – Mission critical assets: such as your company IT infrastructure and operating systems.
• Layer 2 – Data: such as customer data, employee data and financial records.
• Layer 3 – Software applications: such as Microsoft Office, your customer relationship management system (CRM) and communication tools such as Zoom.
• Layer 4 – Endpoint: this refers to the devices that are used by employees such as smart phones, tablets and laptops.
• Layer 5 – Network: this relates to the system that connects the various devices used throughout your internal organisation.
• Layer 6 – Perimeter: this refers to the system that enables devices to connect with your company that are external rather than internal.
• Layer 7 – Human: this is you and your employees and poses your biggest risk.

According to cyber security firm Kaspersky Lab, 90% of information security breaches are down to human error. The main culprit is social engineering e.g., when employees are tricked into disclosing information via phishing emails or duped into authorising payments of ghosted invoices.

So how can increasing levels of employee engagement help improve cyber security where you work?

It is widely accepted that higher levels of employee engagement increase productivity and improve levels of customer service. It is also acknowledged that low levels of employee engagement result in higher levels of absenteeism, shrinkage and accidents at work. So, it is reasonable to expect that levels of employee engagement will influence how cyber security is viewed in your organisation. For instance, a disengaged employee is:

• Less likely to care about clicking on a link that could lead to a virus bypassing your perimeter layer of security.
• In danger of not questioning an email or phone call requesting vital information that a cybercriminal could use to build a profile picture that could lead to a later cyber-attack.
• More at risk of authorising a ghosted invoice for payment – hard earned money that could be lost forever.

Employees that are highly engaged will:

• Show increased vigilance against the risk that cyber-attacks present.
• Report incidents, real or otherwise, more quickly to enable action to be taken quickly.
• Encourage fellow team members to become cyber-aware and therefore increase your Layer 7 protection.
  

So how can you raise the levels of cyber-security across your organisation in an engaging way?

Here are some top tips:

• Make it personal. Encourage your team to understand the consequences of a security breach for your company, your customers and themselves.
• Make cyber-security topical. Hold regular, practical training sessions based on case studies and stories to illustrate the range of cyber-security threats that exist and how they can occur.
• Devise cyber-security quizzes that can keep the topic alive in your team meetings.
• Reward team members that take action to spot and prevent cyber-attacks from happening.
• Consider appointing cyber-security champions to promote cyber-security and be a subject matter expert for advice and confidence building.
• Ensure that cyber-security is owned by the senior leadership team and that your organisation is led by example.
  

Paul Beesley
Director and Senior Consultant, Beyond Theory

Beyond Theory is accredited with Cyber Essentials