Repetition is (The) Key

Education and awareness will go a long way in protecting your business against many types of cybercrime. But creating a risk-conscious workplace is easier said than done. Of course, the first step in making your staff aware of possible threats is training. But how much of this training do you remember months or even years later?

In order to keep your employees on their toes, you need to remind them on a regular basis which threats are out there, how to recognize them and which actions to take in case they come across something suspicious. But how do you do that? Plan a million more training sessions – keeping everyone from their work, including yourself? That doesn’t seem very manageable, nor practical.

How we successfully fought digital crime with digital tools

Here at the office, we struggled with the same issue. Initial training….check! But then what? During a meeting we asked ourselves the following question: “How do we constantly educate employees about identifying suspicious activity and new possible risks, without sacrificing productivity?”

We cannot make them get up from their desks every single time for a quick training course. And with the amount of emails their inboxes get flooded with every single day, they are A) not going to read an email or B) not even going to notice it.

We finally agreed that we had to try to reach them when they did have a minute to pay attention to what we were trying to communicate. That’s when we started using every available screen in the building to display prevention messages. Messages about opening suspicious emails, giving out confidential information or making dodgy payments, were now broadcasted repetitively throughout the office.

Walking to the coffee corner, people got a reminder through one of our digital signage screens next to the coffee maker. When they didn’t touch their PC for a while and their screensaver popped up on their computer screen, boom another reminder. Browsing through our corporate app during lunch, yes you guessed it, a reminder!

With this combo of digital tools, there was really no escape. There was practically no way that someone couldn’t have seen these messages. We conveniently scheduled them to appear at set intervals, so we didn’t have to worry about them any further. When we spotted a new threat, we added a message about it – and that was basically it.

Besides that, it also gave us a great alternative if something should slip through the net. Because when you’re email is hacked, you’re not going to send an email to warn people, right?

No more careless clicks!

That our approach was working became apparent. Sure, those pesky hackers still try. We still get dozens of phishing emails in our inboxes, but the difference is that nobody is clicking on them.

Is this the end? Probably not. Cybercrime is only going to evolve more over the next few years and people are going to continue to make mistakes, that’s life. But I sleep a little better at night, knowing that we have limited potential threats to a minimum, and that staff members are aware of the (new) threats they face and the part they are expected to play in guarding against them.

What’s Hot on Infosecurity Magazine?