Cyberattacks are one of the biggest worries keeping CEOs up at night. A recent PricewaterhouseCoopers survey found that US executives now feel cyberattacks are the most serious threat facing their business, with 40% stating it’s their chief concern. And among the root causes of cyber incidents, human error comes out on top: it’s behind an estimated 82% of data breaches, according to a 2022 report by Verizon. That means keeping employees trained on and aware of the many ways hackers can infiltrate an organization’s IT systems must be a top priority.
Easier said than done? Not quite. In fending off cybercrime, talking about potential threats clearly and consistently with employees – or in other words, carrying out effective internal communication – is key. There are many ways internal communication can be leveraged to better defend an organization against cyberattacks.
Discover five top tips from our experts at ahead:
1. Communicate your cyberattack response strategy
Every employee needs to know exactly what to do in the event of a cyberattack: what procedures to follow, what actions to take in priority, how to handle time-sensitive critical information, whom to contact, and so on. That’s especially true for employees working remotely, as they may not have tech support staff on hand to answer questions. You should therefore have a cyberattack response strategy ready, spelling out the key steps for employees to take at all levels. Internal communication can be an effective tool for disseminating such a strategy across your organization. What’s more, internal communication platforms can serve as a go-to point for updates and information, making sure everyone is clear on what to do.
2. Embed cybersecurity in your corporate culture
Many organizations view cybersecurity as a list of dos and don’ts: do encrypt sensitive files; don’t open email attachments from unknown senders. But this kind of prescriptive approach isn’t effective at getting employees engaged and on the lookout for new ways in which hackers can shroud their attacks. Instead, cybersecurity needs to become part of your broader organizational culture. One way to do this is by keeping cybersecurity top-of-mind for employees, such as by reinforcing the message through internal communication. Beyond sending out tips and examples, you can use internal communication platforms to make the content more engaging with storytelling, pop quizzes, and kudos for employees who have taken the initiative in keeping data safe.
3. Adapt your message to different groups within your organization
One key benefit of internal communication platforms like ahead is that you can target your message to specific groups of employees, like those within a given department, regional office, or production site. These different groups are exposed to different kinds of cybersecurity threats. Staff in your head office, for example, don’t have the same kind of IT system vulnerabilities as operators collecting potentially sensitive data out in the field. With effective internal communication, you can tailor your cybersecurity advice and instructions in a way that’s relevant, engaging and meaningful for each type of user.
4. Keep your workforce trained on the latest cybersecurity threats
Hackers are constantly coming up with new tricks and ever-more sophisticated ways of seizing information. While it’s important to include cybersecurity in your new employee training, you can’t stop there. Employees need to be continually refreshed on the latest threats to watch out for. You can provide this kind of ongoing training efficiently with internal comms. Many platforms include features allowing you to share best practices, conduct mock phishing exercises, and demonstrate how new technology can be used securely.
5. Make it real
Another advantage of internal communication platforms – especially when it comes to spreading the word about cybersecurity – is that they’re designed to provide a ‘social network’ feel. Employees can publish and comment on posts, share videos, run quick polls, and more. Such features can be used to promote cybersecurity in an organic manner, in a way that’s directly relevant to workers’ day-to-day jobs. Colleagues can post tips about a new piece of software, share an article about high-profile data breaches, or remind team members that certain files shouldn’t be sent to external consultants. Social-network-type environments also create a ‘safe space’ for employees to ask questions and share their concerns, and for managers to collect ideas from the staff who use business applications on a day-to-day basis.