Person at computer with cybersecurity images

How to engage employees in a cybersecurity culture

It’s a normal day at the office when you hear your inbox ding. You see your colleague has emailed the entire company a document to review. You think it’s strange that he’s emailing the entire company, but you download the attachment anyway to take a look.

And just like that, you’ve fallen victim to a phishing email. And you’re not the only one; several of your coworkers downloaded the document, too.

What’s a phishing email?

A phishing email looks like it’s sent from a legitimate source—like a coworker or a company you do business with—but it’s actually sent by cybercriminals who are trying to trick you into taking action like clicking a link, downloading a malicious attachment or forwarding the message to other people.

Cyberattacks, like phishing emails, are frequent and common, with 47% of small businesses in the U.S. saying they’ve fallen victim to a cyberattack.1 What’s more, 52% of data breaches at small businesses are attributed to employee error.1

In the case of our story above, the document you downloaded on to your computer could contain malware, which can steal your personal information or company information, or lock you out of your data.

How to engage employees in a cybersecurity culture

With cybercriminals continuously getting more sophisticated in their phishing techniques, it’s important to engage employees in a cybersecurity culture that helps them and your company stay safe.

Here are four tips to help engage employees in a cybersecurity culture:

  1. Provide cybersecurity training: One study revealed that only 45% of organizations provide employees with mandatory formal cybersecurity training,1 yet training your workforce for cyber threats is one of the best ways to prevent losing assets and data to an attack.
  2. Make training interesting: Of course, cybersecurity training is only effective if employees are paying attention! Research shows that 64% of employees don’t pay full attention during cybersecurity training, and 36% find it uninteresting.2 To make cybersecurity training interesting, some experts recommend gamification, which is a strategy that incentivizes employees with hands-on, security-related challenges, competitions and rewards.
  3. Don’t forget about remote workers: 74% of remote staff have access to critical data, yet 33% of companies don’t offer cybersecurity training to remote employees.3
  4. Create a safe space for employees: Remember that cyberattacks like phishing emails can look legitimate and be extremely convincing. Mistakes happen—and it’s important for employees to feel safe reporting incidents without fear of consequences, retribution or blame. When employees feel safe reporting cyber incidents immediately, IT can quickly respond to the situation and increase the chances of a positive outcome.

We’re here for you!

Cyberattacks are just one threat your employees face. The impact of critical illness, injury, hospital stays and loss of life also threaten the financial wellbeing of your employees. Washington National is here to help you protect your employees. Check out how we can help.