88% of cyber incidents stem from human activity. These are human mistakes, often with disastrous consequences for your company, customers and employees. How do you make employees aware of cyber risks, teach them how to recognise cybercrime and tell them what to do (and especially what not to do) in case of suspicious situations? In this blog, you will read why it is vital as an employer to create cybercrime awareness in your organisation and how the right software can help.
Did you know that as many as 88% of cybersecurity incidents are caused by human activity? It is not without reason that cybercriminals rely so heavily, and so successfully, on techniques such as phishing and social engineering.
Some figures from 2021 (Cybersecurity Magazine):
million phishing emails have been sent to over 17,000 companies worldwide.
of the successful phishing actions came from an employee.
of successful phishing attacks came from weak passwords or hacked login credentials.
Technological developments are creating more opportunities to trade or automate certain operations. That is why most companies welcome innovation wholeheartedly. New technologies also make cybercriminals happy, as they make them even more capable of committing hacks, cyberattacks or online scams. The consequences can be disastrous, not only for your organisation but also for your customers and employees.
Possible consequences of cybercrime may include:
Numerous studies show that cyber risk increases with more remote working. Here too, people are still the weakest link in the cyber security plan, especially after the surge in remote working during the corona period. Forced by circumstances, many companies then hastily took measures to switch to online working. In many cases, this was not done carefully enough, leading to an increase in security incidents (such as phishing or ransomware attacks) of as much as 238%.
What makes remote working so risky is the ‘cross-pollination’ from the personal to the business environment and vice versa. In particular, the security level of the devices a person works with (endpoint security) is a critical factor here, because:
of office workers use work equipment for personal tasks.
of office workers use their personal computer to access work applications.
of the data breaches could have been prevented if an available patch had been installed.
In contrast to what you might think, the fight against cybercrime is getting weaker in companies. A dangerous development given the exploding number of cyber threats. Fortunately, security in organisations is being increasingly tightened, including by governments. Do you conduct business with European companies, and are you interested in learning more about NIS2? In 2024, the new European security directive, NIS2, goes into effect. Read all about it here.
For larger companies, IT security is often high on the agenda, but for SMEs and small independents, proper security measures are often lacking. A major cause of this is a lack of awareness and urgency: when determining the necessary security measures, many companies start from incorrect assumptions or outdated information. As a result, they are not fully aware of the risks and mistakenly think that things will not go that far. Or they do not know which techniques cybercriminals apply and how to keep them out.
For example, a common misconception about cybercrime among small organisations is “we are only small, there is nothing to get from us”. But nothing could be further from the truth. Small and medium-sized companies in particular are more often the victims of cyber attacks, partly because they do not have their security in order and are therefore more likely to be hit during any widespread cyber attack.
By creating security awareness within your organisation, you can prevent many human incidents. By ‘awareness’, we mean promoting awareness among your employees about the dangers of cybercrime. This ranges from understanding the importance of information security to knowing how to recognise cybercrime, what to do in suspicious situations and, above all, what not to do. In fact, awareness is nothing new, but given the huge increase in the number of security incidents, the topic is more topical than ever. This makes it all the more important for companies to continuously work on it.
When creating awareness, managers’ biggest challenge is to get employees on board. Employees have their own jobs they are busy with. They often regard cybercrime as a technical trick they have little to do with and something the IT department will take care of.
The hardest part for managers is ensuring that awareness around hazards becomes standard behaviour (creating behavioural change) within the organisation. Because how do you ensure that all layers – from the CEO to the facilities department – are able to think about security and recognise cyber risks? If people have to attend yet another long training course or information session for the umpteenth time, there is a risk that at some point they will think “I know it now” and drop out.
Creating awareness can be done in a variety of ways: you can organise security awareness trainings, webinars and workshops, send videos, offer learning videos and tests, and so on. The challenge here is to stimulate employees enough to actually do something with it. As an employee, you have to become and stay interested, and of course act on your new insights.
It is only when you experience a cyber incident yourself that you start thinking about it. Therefore, consciously send a controlled fake e-mail around within the organisation to see if people fall for it. Or have the security officer make a round through the office and draw employees’ attention to risks: is there sensitive data lying openly on desks? Is someone away from their seat with the computer left unlocked? Discussing this with each other leads to greater awareness and understanding. Just make sure you don’t publicly shame people who are at fault. If you do, employees may be discouraged from reporting an incident in the future.
Opt for ‘bite size’ in all the information you offer, i.e. make sure it does not take too much time. Concise microlearning, short videos, infographics and short reads will achieve much more than endless presentations or training sessions. Regular, brief triggers for your employees over a period of weeks or months will eventually create understanding, support and insight.
Even though cybercrime is a serious matter, approach it with humour whenever possible. Humour helps enormously in breaking the ice and making difficult topics easier to discuss. It takes away stress, energises and connects.
Dialogue and consultation play an important role in the success of your security awareness campaign. Therefore, encourage your employees as much as possible to ask questions, engage in conversation, voice their opinions and share their ideas. As an employer, make sure you provide a safe environment for this. Software such as Zenya BOOST can support this. With BOOST, you put the topic of cybersecurity on the map and initiate dialogue between colleagues. Make sure you listen to your employees and show that you do something with their input.
With Zenya BOOST, you develop effective, cohesive awareness campaigns that create context and understanding and engage people on topics such as cybercrime. The idea behind this is that people are more likely to cooperate in achieving a goal if they understand why something is important and know what is expected of them.
With BOOST, you put together the ultimate awareness campaign, so that your employees know what’s going on when it comes to security and stop falling into the trap of cybercriminals.
Request the brochure to have all the information easily to hand.
Want to see for yourself what Zenya BOOST can do for your organisation?
Read all about it on the Zenya BOOST page. On this page, you can also request a free demo.