Faced with a barrage of cyber threats from all directions, today’s businesses widely acknowledge the need to entrench cyber security into every aspect of their operations, culture and decision-making. With the unpredictable environment, the rise of new scams and the changing work arrangements of the past year introducing new risks, the stakes are higher than ever, and many leaders must find new ways to reinforce their organisation’s security efforts. Human error is widely considered one of the most significant contributors to security breaches, so finding new ways to engage employees in security measures will be top of the priority list for many organisations as employees return to office life.
Speaking with a wide range of leaders and industry professionals in my day-to-day work, the issue of how best to drive this engagement is one that regularly comes up. Based on some of the insights they have shared with me, here are three ways you can improve employee engagement in cyber security within your business.
1. Gamification of Cyber Activities
One of the easiest ways to boost involvement in cyber activities is gamification – adding game logic, principles or thinking to a task to encourage participation. A 2018 survey by TalentLMS revealed that 83% of employees who received gamified training reported feeling more motivated to engage with and practice the learnings.
By making cyber security more fun and interactive, you can motivate participants to take a greater interest in the protection of digital assets and ultimately perform at a higher level. Here are some of the top gamification elements you can use to motivate employees:
- Introduce a points system to measure engagement, with badges and levels marking achievement. Award points for positive actions, such as reporting scam emails and handling security threats correctly, and deduct points for slip-ups like leaving a laptop unlocked.
- Establish a leader board to add healthy competition into the mix, encouraging employees to vie with colleagues for the top positions.
- Offer incentives for different activities and leader board rankings, such as movie vouchers, free lunches and other prizes. Keep in mind that incentives don’t have to break the budget to be effective – public acknowledgement and certificates can also work well.
2. Tiering Employee Segments
Having a basic understanding of cyber security is essential in today’s business world, and organisations must continuously train employees to increase awareness of the risks they face. However, this training is far from one-size-fits-all – regardless of whether it is outsourced or done in-house, getting the best results from training initiatives means tailoring them to each employee segment and spending more time where it will be most impactful.
For example, Executive Assistants need to have greater security awareness due to the critical information they handle daily, as do Database Administrators who are trusted with handling confidential customer information. Likewise, Software Developers are responsible for embedding security controls into the code they work with, so being sufficiently security-savvy is vital.
Whether it’s leadership roles or specific groups in the organisation, adapting security messages to ensure they’re pertinent to the right people will keep them engaged in the learning and focused on the aspects most relevant to them.
3. Leading by Example
Cyber security is no longer a problem isolated to just an IT department; it is a leadership issue that must be embedded throughout the company. Since cyber security can’t function in a vacuum, decision-makers must lead from the front to drive buy-in and set the tone for the wider business.
Modelling security best practice, being consistent with enforcing policy and supporting the security team to create a practical framework are key roles for leaders to play. Additionally, it’s important for them to continuously maintain awareness of the shifting cyber security landscape through:
- Conferences, e.g.
- Books, e.g.
By taking steps to improve employee engagement in cyber activities, you can maximise security efforts, head off threats before they impact the business and build an organisation where security is at the heart of critical decision making.
What are you doing to boost security engagement in your organisation? Is there anything you would add to the ideas above? I’d love to hear your thoughts.