How Does HR Engage Employees in Cybersecurity Best Practices?

Engaging employees in the continuous battle for cybersecurity is crucial for any organization. We’ve gathered insights from top industry professionals, including CEOs and Privacy Experts, to share their strategies. From gamifying cybersecurity practices to implementing short, frequent trainings, discover the five key tactics to keep your team vigilant.

  • Gamify Cybersecurity Practices
  • Simplify Secure Procedures
  • Conduct Regular Cybersecurity Training
  • Foster Continuous Education and Recognition
  • Implement Short, Frequent Trainings

Gamify Cybersecurity Practices

Just like everything from marketing to performance to compliance, cybersecurity best practices are best upheld by employees when they are gamified. By making a game of staying on top of security practices, employees view security in a positive light. However, some employees don’t take an interest in this gamification. We also have to remind employees of the terrible consequences that can come from not upholding security practices. A whole lot of positive reinforcement from gamification, and a little bit of negative reinforcement by reminding everyone of what can happen when security protocols are not followed, can lead to a breach.

Bill Mann
Privacy Expert at Cyber Insider, Cyber Insider


Simplify Secure Procedures

By making it as easy as possible for them to do so. My take on cybersecurity is that people are, and will always be, the biggest risk factor in the system, so you have to understand the reasons for why this is so. The answer, I’ve found, comes down to what is easy and convenient—something that rarely aligns with what is best from a cybersecurity perspective. That said, you do need to be willing to find the points that are negotiable and those that are not. Sure, I would love for you to have to do two-factor authentication with your phone whenever you wanted to sign in, but I know that this is a good way to annoy people into finding unsafe workarounds. So this means finding a solution that is still secure but one that my people will willingly sign on for.

Dragos Badea
CEO, Yarooms


Conduct Regular Cybersecurity Training

A study by the World Economic Forum shows that human error is responsible for 95% of cybersecurity issues (source: https://www.weforum.org/agenda/2020/12/cyber-risk-cyber-security-education/). Therefore, it is essential for businesses to ensure that employees understand and are aware of cybersecurity concepts. In this regard, regular training sessions and workshops have proven to be the most effective strategy in our experience. With quarterly training sessions, our main focus has been on enhancing employees’ knowledge and understanding of potential threats. These sessions cover information and exercises such as recognizing signs of malware, keeping systems up-to-date, and more.

With this proactive approach, we ensure our employees stay informed about the latest threat intelligence and methodologies to address possible cyber threats.

Yulia Pavlova
HR Professional, Key Partnerships Manager, aqua cloud


Foster Continuous Education and Recognition

For a strong security posture, it is crucial to have employee engagement in cybersecurity. We have implemented several strategies at 4Freedom Mobile to keep our team alert and committed to best practices.

First, we place importance on continuous education. Regular training sessions and workshops are run for employees to keep them updated on the latest threats and defensive techniques. This is done not only to build their capacities but also to highlight their significance in protecting the company.

Second, accountability and recognition are ingrained within our organizational culture. Clear policies and protocols have been put in place, which everyone is supposed to observe. Simultaneously, we praise those members of staff who exhibit good practice in cybersecurity matters. This strategy allows our team to understand the burden as well as the advantages of setting elevated security levels.

Lastly, open communication and feedback are highly encouraged. Our employees are aware of any potential security threat that can be reported without hesitation or fear of retribution. Consequently, this openness enables us to address vulnerabilities promptly and reinforces a collective approach towards cybersecurity.

David Sinclair
CEO, 4Freedom Mobile


Implement Short, Frequent Trainings

Something that’s worked well for me is to keep cybersecurity trainings short and frequent, rather than longer courses that you do once a year. A minute a week is reasonable and tends to reinforce concepts significantly better than longer and more formal training and awareness strategies. This can be as simple as a quick email with a best practice or a short guide for some new security process we’re implementing—the goal is that it takes a few seconds to glance through and internalize, with reinforcement coming next week in the same format.

Kate Kandefer
CEO, SEOwind

