By nature, security departments communicate organization-wide updates on an ongoing basis and, to some extent, rely on open employee communication. As organizations transition to remote work, security teams face a new reality in terms of internal communications and need to overcome major challenges in order to keep employees both engaged and secure.
One of the main risks comes from the soaring spike in fraud (close to a 700% increase in phishing attacks alone), which requires strong security measures that are harder to achieve and educate about in a distributed security environment.
Employees are stressed by this new reality. Many may be troubled by potential health and financial concerns and feel obligated to constantly follow the news. They are also exposed to fake news and rumors spread on social media, which add confusion and anxiety. In addition, there is the challenge of working from home and staying productive while dealing with interruptions by family members.
This ongoing stress affects employees’ ability to pay attention to new communication messages for two main reasons, both related to the principles of cognitive learning:
- People’s minds naturally focus more on messages related to their source of stress (in this case, COVID-19)
- Facts related to the cause of stress are more memorable than other forms of information
As security leaders, we need to find a way to acknowledge these challenges and break through the noise.
Following these three simple practices will help you achieve engaging, two-way communication with your employees so you can implement relevant security guidelines quickly and effectively:
1. Stay Relevant
Employees are consumed with the “here and now” and need to receive relevant training content that reflects the new circumstances. Communication and training materials should provide employees with clear guidelines on what to look for and how to avoid risky security practices. Some examples of relevant training materials include:
- COVID-19 Phishing Emails
- Working from home securely
- Privacy guidelines for remote work
- Fake News – be a part of the solution
2. Provide Simple, Actionable Content
Considering the many distractions (especially when working from home) and short attention spans, we can expect employees to prefer short training content over long videos or texts. All content communicated to employees should be brief and include actionable items so it is clear what is expected of them. A simple ‘dos’ and ‘don’ts’ bullet list would be most effective in getting the message across and remaining memorable.
3. Remain Positive, Offer Support
Employees deal with enough stress these days and should be approached with empathy and encouragement. This is the time to step up as leaders and sustain a positive voice. If you plant the seeds of positive communications now, cyber security culture will remain strong and constructive in the long run. It’s also important to include your direct contact information in all communication materials, in case questions or issues arise. With no ability to ask a colleague for quick “live” advice, employees should feel comfortable calling, emailing or messaging the Infosec team on Slack before they make a hasty decision.
Keep in mind that while employees are often regarded as ‘the weakest link’ in enterprise security, they can also be a source of strength when trained properly and when encouraged to play an active role in keeping the organization safe.
For complimentary short, effective COVID-19 training materials, check out CybeReady’s CISO Toolkit here.