Six Ways To Get Your Employees On Board With Cybersecurity

Post written by

Expert Panel, Forbes Technology Council

Successful CIOs, CTOs & executives from Forbes Technology Council offer firsthand insights on tech & business.

Modern business leaders understand how important cybersecurity is. With data breaches happening on a near-constant basis, it’s absolutely essential that teams are working together to protect sensitive business and customer data.

However, non-IT employees don’t always understand the full scope of security risks that businesses face, or the role they play in making sure cybersecurity works. That’s why we asked a panel of Forbes Technology Council members how leaders can improve team members' buy-in and compliance on their company’s cybersecurity procedures. Here is what they advise:

1. Run 'Capture-The-Flag' Exercises

It can be hard to get employee buy-in and compliance for security when some employees consider security to be “not their job.” Consider “capture-the-flag” exercises with prizes for engineering teams against your own systems and users internally. It can raise awareness as well as provide practice and expose loopholes in your current processes or training. - Rachelle Palmer, MongoDB

2. Engage Via Sharing Employee Opinions

Most employees are already aware of the risks and reasons why cybersecurity compliance is needed. Engage with employees via discussion forums, seminars or surveys asking their opinion on the potential need for cybersecurity procedures with some examples from their current or past experience, eventually sharing their opinions amongst other peers. - Parag Arora, Glowing, Inc

3. Help Them Understand The Consequences Of Non-Compliance

When people understand the consequences of their actions, they are more likely to buy in to altering their behavior. In the case of cybersecurity, training is useful if it clearly explains and shows the risks associated with certain behaviors. For example, explain what phishing is, what happens when you click a phishing link, and how to recognize them and avoid being caught by one. - Miguel Valdes Faura, Bonitasoft

4. Keep Training Simple And Easy

Keep it simple and intuitive. Start with employee awareness, and provide regular training programs that are personal and relatable. Be transparent about security procedures and use entertaining videos to convey your points. Tie training to their personal lives. Keep it simple and easy. - Magdiel Rodriguez, Alivi

5. Make Cybersecurity Part Of Your ‘Standard Of Excellence’

Cybersecurity is a form of craftsmanship in today's market. To not supply compliance on cybersecurity procedures is to say we do not care about our work and quality. The easiest way for employee buy-in, therefore, is to support a high standard of quality, excellence and craft. - Joshua Davidson, ChopDawg.com

6. Illustrate The Potential Business Impact Of A Breach

Communicating the potential impact of any cyber breach is critical for employee buy-in. Every organization today has several key areas where you want increased employee focus, yet the need to create awareness on cybersecurity has to rise to the top. Compliance is an ineffective lens to cast on the cybersecurity conversation. Instead, organizations should spend their calories on explaining what the stakes are and how any slip could land them on the front pages of the local newspaper. This often elevates the conversation and ensures everyone feels the responsibility, rather than another “pointless” task. - Paroon Chadha, Passageways

Forbes Technology Council is an invitation-only, fee-based organization comprised of leading CIOs, CTOs and technology executives. Find out if you qualify at forbestech...