How to create a culture of digital security in your business

Posted by Tilt Recruitment on October 21st, 2020

You know what we really need this October? RAINSTORMS.

It’s National Cybersecurity Awareness Month, and RAINSTORMS is the acronym you need to know to deliver good cybersecurity training.

Every company should provide cybersecurity training for all employees every year, covering all your security-related company policies, like physical security, information security, and IT security. And it shouldn’t be the same boring presentation every year.

If you want your employees to make smart cybersecurity decisions, your training needs to focus on creating a culture of security. That means treating good cybersecurity as good business and as part of the company culture. The key goals of your training should be:

  • Discouraging risky behaviour. Teach people which actions are dangerous, such as opening an email attachment from an unknown sender.
  • Encouraging safer behaviour. Teach them actions that boost security, like making strong passwords, and help them understand why that’s important.
  • Making workers into watchdogs. Teach them how to spot a cybersecurity issue and how to respond – for example, if they see someone putting an unauthorised USB stick in a company computer.

To get the most out of your training, remember RAINSTORMS:

Real: Use real case studies or realistic examples to bring lessons home.

Actionable: Include an action employees can take immediately, like changing their passwords, listing their IT assets, or putting a contact in their phones to report incidents to.

Interactive: Use hands-on exercises and small group discussions. Involve people up and down the hierarchy in two-way conversations so that everyone understands they all share the same responsibilities when it comes to security.

New: Change up your training formats (video, lecture, role-play) to avoid boring people.

Small: To help people remember the information, teach one topic at a time, and break it down into bite-size chunks.

Testable: Set a testable goal for your training. If it’s raising awareness, do a quiz before and after. If it’s reducing the impact of phishing attacks, send a fake phishing email before and after.

Owned: Give employees a sense of ownership. They should leave the training feeling responsible for their security decisions and empowered to make good ones.

Relevant: Make your training specific to each group of employees so that, for example, your blue-collar workers don’t have to sit through things that are only relevant to office staff.

Memorable: Use acronyms, mnemonics, and humour. Don’t be afraid to include puns or funny pictures.

Simple: Most importantly, keep it simple. Too much detail and jargon will send your workforce to sleep.

Finally, training doesn’t have to be limited to one big dose once a year. Just like plants, employees grow best when regularly sprinkled by RAINSTORMS. Try out some of these tactics:

  • Regularly emphasising the importance of cybersecurity as a company goal.
  • Mentioning a cybersecurity reminder, tip or trick in every meeting.
  • Putting up reminders about security practices around the workplace.
  • Having regular meetings on how processes could be improved to make it easier for people to make good security decisions.

Looking for a new role in cybersecurity? Get in touch: 01625 525 300
