“Cybersecurity is about knowledge, attitude, and behavior of áll employees, from executives to volunteers. Safe working is truly everyone's responsibility. Not just the IT department, as is often thought. So make sure you do more than an annual update on cybersecurity. Give this important topic continuous attention, keep repeating it, and look for different ways to convey the message,” advises Natalie Fransen, an advisor at DEN specializing in cybersecurity.
Ownership: make employees responsible
Link parts of cybersecurity to individuals within the organization. Think, for example, of themes like security or collective safety. This way, you make someone responsible, and that ownership, the sense of responsibility, is essential. Engage in conversations about things like risk analyses, impact, the right approach when things go wrong, technical aspects, motivating other employees, etc.
Communicate cybersecurity in different ways
Everyone is different and processes information in different ways. And not every employee regularly works behind a computer. Therefore, communicate in various forms and styles. Give presentations, organize a lecture, develop e-learnings, post messages on the intranet, put up posters, create a short video, offer workshops, develop a game, or organize a quiz or competition. And always remember: communicate clearly, concretely, and in understandable language.
Repeat, repeat, repeat
What risks does your organization face? What should you do if you receive a phishing email? How do you handle personal data securely? You accidentally clicked on a wrong link, now what? What do you do if a system isn't functioning properly and might even be hacked? Where do you report a problem? Which apps or websites are better avoided? Continuously draw attention to cybersecurity. It's like first aid (BHV): knowledge needs to be refreshed regularly. Also, keep in mind that developments are happening rapidly, so make sure you stay up-to-date.
Ensure involvement & awareness
Organize (brainstorm) sessions or workshops about risks and solutions with employees from different departments. This way, you ensure more involvement and awareness. Your colleagues will feel that cybersecurity is not just an IT matter but everyone's responsibility. An added benefit: you'll hear many practical examples of the challenges employees face. Ask how you can help them and act on it.
Test & learn from the results
There are programs and professionals that can help you test the state of cybersecurity within your organization. If there is a budget for this, it is certainly an interesting option. You can learn a lot from the results and adjust your policy and communication accordingly.
In conclusion
Also download our step-by-step plan, (opens in new tab) you'll benefit from it immediately. And one last practical tip: always have a printed phone list available.
More articles per topic
