95% of cyber security incidents are caused by human error. Dealing with human error is a difficult task to tackle for IT and can only be addressed through educating users of their involvement in the Business Cyber Security Strategy. A great way to do this is to run an internal marketing campaign to raise awareness of your cyber security strategy goals and objectives.
Not all IT teams have the marketing skills to run an effective user education campaign. This is not a reflection on the quality of the IT department and the technical abilities required to protect the business data, however it does leave a gap in the cyber security strategy. If the users are causing 95% of the compromised systems, then they must be told to stop doing it. How do we educate them in an effective manner?
Most users are worried that they will be “the one” who causes the problem, so you will find most people want to learn how to avoid that scenario. They will also want to learn for personal protection as well as protecting the business.
A few tips:
- Don’t get too technical!
- Hold Cyber Security Seminars – Keep them short, 10-15mins to get max attendance
- Send out videos with tips and strategies – Short 1-3 minute videos
- Create posters clearly outlining the key points and put them in common areas. Keep them brief 1 point on each poster. (I find it entertaining that we normally have a sign in the kitchen to stop leaving dirty dishes on the bench, yet we don’t have one that helps users protect the business data)
- Engage your Marketing and/or Human Resources teams if you have them
- Ensure your Executive and Leadership teams are educated and will re-enforce your message
- Have some fun and be creative