Creating security awareness among employees? These five tips will make it work!

88% of cyber incidents stem from human activity. These are human mistakes, often with disastrous consequences for your company, customers and employees. How do you make employees aware of cyber risks, teach them how to recognise cybercrime and tell them what to do (and especially what not to do) in case of suspicious situations? In this blog, you will read why it is vital as an employer to create cybercrime awareness in your organisation and how the right software can help.

Did you know that as many as 88% of cybersecurity incidents are caused by human activity? It is not for nothing that cybercriminals make full, and successful, use of techniques such as phishing or social engineering.

Some figures from 2021 (Cybersecurity Magazine):

  • 12+ million phishing emails have been sent to over 17,000 companies worldwide;
  • 85% of the successful phishing actions came from an employee;
  • In 61% of successful phishing attacks, weak passwords or hacked login credentials were involved.

The disastrous consequences of cybercrime

Technological developments are creating more opportunities to trade or automate certain operations. That is why most companies welcome innovation wholeheartedly. New technologies also make cybercriminals happy, as they make them even more capable of committing hacks, cyberattacks or online scams. The consequences can be disastrous, not only for your organisation but also for your customers and employees.

Possible consequences of cybercrime may include:

  • Direct financial damage from theft or a ransom demand (in the case of ransomware);
  • Indirect financial loss due to downtime, disruption or failure of systems;
  • Damage to your organisation's reputation;
  • Identity fraud when personal information gets into the wrong hands;
  • Fraud, scams or blackmail using leaked sensitive information;
  • Life-threatening situations due to the shutdown of vital utilities, such as water or electricity.

Remote working key risk factor

Numerous studies show that cyber risk increases with more remote working. People are still the weakest link in the cyber security plan, especially after the surge in remote working during the coronavirus period. Forced by circumstances, many companies then hastily took measures to switch to online working. In many cases, this was not done carefully enough, leading to an increase in security incidents (such as phishing or ransomware attacks) of as much as 238%.

What makes remote working so risky is the ‘cross-pollination’ from the personal to the business environment and vice versa. In particular, the security level of the devices a person works with (endpoint security) is a critical factor here, because:

  • 70% of office workers use work equipment for personal tasks;
  • 37% of office workers use their personal computer to access work applications;
  • 57% of the data breaches could have been prevented if an available patch had been installed.

Lack of awareness and urgency

Contrary to what you might think, the fight against cybercrime is getting weaker in companies, a dangerous development given the exploding number of cyber threats. Fortunately, security in organisations is being increasingly tightened, including by governments. In 2024, the new European security directive, NIS2, goes into effect. Do you conduct business with European companies and want to know more about NIS2? Read all about it here.

For larger companies, IT security is often high on the agenda, but for SMEs and small independents, proper security measures are often lacking. A major cause of this is a lack of awareness and urgency: when determining the necessary security measures, many companies start from incorrect assumptions or outdated information. As a result, they are not fully aware of the risks and mistakenly think that things will not go that far. Or they do not know which techniques cybercriminals apply and how to keep them out.

For example, a common misconception among small organisations is “we are only small, there is nothing to get from us”. But nothing could be further from the truth. Small and medium-sized companies in particular are more often the victims of cyber attacks, partly because they do not have their security in order and are therefore more likely to be hit during any widespread cyber attack.

The importance of creating security awareness

By creating security awareness within your organisation, you can prevent many incidents caused by human activity. By ‘awareness’, we mean making your employees conscious of the dangers of cybercrime. This ranges from understanding the importance of information security to knowing how to recognise cybercrime, what to do in suspicious situations and, above all, what not to do. In fact, awareness is nothing new, but given the huge increase in the number of security incidents, the topic is more relevant than ever. This makes it all the more important for companies to continuously work on it.

Why IT security doesn’t concern your employees so much

When creating awareness, managers’ biggest challenge is to get employees on board. Employees have their own jobs they are busy with. They often regard cybercrime as a technical trick they have little to do with and something the IT department will take care of.

The hardest part for managers is ensuring that awareness around hazards becomes standard behaviour (creating behavioural change) within the organisation. Because how do you ensure that all layers – from the CEO to the facilities department – are able to think about security and recognise cyber risks? If people have to attend yet another long training course or information session for the umpteenth time, there is a risk that at some point they will think “I know it now” and drop out.

Five golden tips to encourage your employees

#1 Offer sufficient variety

Creating awareness can be done in a variety of ways: you can organise security awareness trainings, webinars and workshops, send videos, offer learning videos and tests, and so on. The challenge here is to stimulate employees enough to actually do something with it. As an employee, you have to become and stay interested, and of course act on your new insights.

#2 Confront your employees with the dangers

It is only when you experience a cyber incident yourself that you start thinking about it. Therefore, consciously send a controlled fake e-mail around within the organisation to see if people fall for it. Or have the security officer make a round through the office and draw employees’ attention to risks: is there sensitive data lying openly on desks? Is someone away from their seat with the computer left unlocked? Discussing this with each other leads to greater awareness and understanding. Just make sure you don’t shame people who are at fault. If you do, employees may be discouraged from reporting an incident in the future.

#3 Keep it simple and manageable

Opt for ‘bite size’ in all the information you offer, i.e. make sure it does not take too much time. Concise microlearning, short videos, infographics and short reads will achieve much more than endless presentations or training sessions. Prompting your employees briefly and repeatedly over a period of weeks or months will eventually create understanding, support and insight.

#4 Use the power of humour

Even though cybercrime is a serious matter, approach it with humour whenever possible. Humour helps enormously in breaking the ice and making difficult topics easier to discuss. It takes away stress, energises and connects.

#5 Encourage dialogue and consultation

Dialogue and consultation play an important role in the success of your security awareness campaign. Therefore, encourage your employees as much as possible to ask questions, engage in conversation, voice their opinions and share their ideas. As an employer, make sure you provide a safe environment for this. Software such as Zenya BOOST can support this. With BOOST, you put the topic of cybersecurity on the map and initiate dialogue between colleagues. Make sure you listen to your employees and show that you do something with their input.

Zenya BOOST, the tool for effective and coherent awareness campaigns

With Zenya BOOST, you develop effective, cohesive awareness campaigns that create context and understanding and engage people on topics such as cybercrime. The idea behind this is that people are more likely to cooperate in achieving a goal if they understand why something is important and know what is expected of them.

With BOOST, you put together the ultimate awareness campaign, so that your employees know what’s going on when it comes to security and stop falling into cybercriminals’ traps.

Do you want more information about Zenya BOOST?

Read all about it on the Zenya BOOST page. On this page, you can also request a free demo.