The Biggest Cyber Threat? That’s You!
How to prevent employees from falling into the trap of cybercriminals
Unfortunately, cybersecurity is not just a buzzword. Cyberattacks are becoming more frequent and increasingly sophisticated. Excellent IT security is no longer enough to prevent sensitive company information from falling into the wrong hands. The biggest cyber threat is actually within your own organization: your employees. According to IBM’s Cyber Security Intelligence Index, a staggering 95 percent of all cyberattacks are caused by human error.
The idea of a group of criminal hackers operating from an abandoned nuclear bunker in Russia is certainly intriguing. It makes hacking seem mysterious and even a bit cool (let’s be honest). However, the culprit is usually “Marketing Mark,” who receives a bank statement in his mailbox and accidentally downloads it.
Innocent mistakes like these can have dramatic and costly consequences. For example, in August 2015, a spear-phishing attack on the Pentagon exposed confidential information of about 4,000 military personnel. All because an employee clicked on a link in a dubious email.
But how do you prevent employees from falling victim to digital scams?
Repetition, repetition, repetition
Creating a risk-aware workplace is easier said than done. Of course, training is the first step in raising awareness among your employees. But how much of that training will someone remember after weeks, months, or even years?
To keep your employees vigilant, it’s important to regularly inform them about the (new) threats that exist, how to recognize them, and what actions to take. But how do you do that exactly? By scheduling a bunch of time-consuming refresher courses that take everyone away from their work? No.
How we tackled the fight against cybercrime
We faced the same problem here in our office. Training for all our employees… check! But how do we keep our staff continuously informed about new risks and cyber threats without sacrificing productivity?
Taking employees away from their workstations to attend new training sessions was not an option for us. Sending an email to an already overflowing inbox also proved to be unsuccessful.
We realized that we needed to reach our people when they actually had a moment to spare. That’s why we started displaying prevention tips and warnings on all available screens within our company: important messages about opening suspicious emails, forwarding confidential information, or making fake payments. These messages were repeatedly shown throughout the entire office.
While walking to the coffee corner, employees received a reminder on one of our narrowcasting screens next to the coffee machine. If someone hadn’t touched their computer for a while, the screensaver, filled with prevention tips, would automatically appear. And scrolling through our company app during lunch, you guessed it, another reminder!
With this combination of digital tools, there was almost no escape. By scheduling the messages in advance, we didn’t have to worry about them anymore. When a new cyber threat emerged, we could respond immediately by creating an additional message. Simple.
This new approach also provided us with a great solution if something did slip through the cracks. It would be rather strange to send an email when your mail server has just been hacked, right?
No more thoughtless clicking!
It quickly became clear to us that our approach was working. Those persistent cybercriminals are still trying. We still receive dozens of phishing emails every day. But the biggest difference compared to some time ago? People now thankfully think twice (or even three times) before clicking on something. That’s how we tackled the biggest cyber threat.
Is this the end? Probably not. Studies indicate that cybercrime will evolve significantly in the coming years. But at the end of the day, I go home with peace of mind, knowing that we have minimized potential cyber threats.