Technology, processes and people are the three building blocks of a sound cyber security strategy. Technology consists of those tools used to identify, protect and mitigate cyber risks: firewalls to monitor unwanted traffic, anti-phishing and anti-malware software to detect and stop threats, etc. Processes are those documents that detail best practices and instructions for reducing cyber risks or mitigating the consequences of a security incident. These two blocks are solidly incorporated into most companies’ cyber security strategies.
The third building block – people – often gets left out because people are unpredictable and difficult to manage. In truth, taking people into account makes all the difference, not least because they are essential to the healthy operation of technology and processes.
How to engage your staff
With a staff awareness programme, you can actively engage your staff in your cyber security strategy. The key word is engagement: through training, tools and activities, a staff awareness programme should mould your staff’s behaviour so that best practices for reducing or mitigating cyber risks become normal.
A staff awareness programme should be an ongoing process that nurtures your staff from their induction and continues throughout their years of employment, with periodical updates on latest trends and improvements.
Develop a staff awareness programme in your organisation with IT Governance’s tools and training materials:
- E-learning courses – raise awareness of information security, the GDPR, phishing and compliance requirements with easy-to-follow and comprehensive e-learning courses; a cost-effective solution for training the whole staff.
- Training aids – generate discussion about information and cyber security issues with engaging role-play card games or use posters to share cyber security messages in the office.
- Customised reading materials – provide your staff with personalised pocket guides and books about information security to make sure everybody is on the same page.