How to Communicate With Your Remote Workers About Cybersecurity
When was the last time your employees received cybersecurity training? For many, the answer might be “not recently enough,” especially given the number of people now working remotely. One recent survey found two-thirds of remote workers hadn’t received cybersecurity training over the past year, and 77 percent of them weren’t worried about security while working at home.
As an IT professional trying to assist a largely remote workforce these days, you may find those numbers pretty alarming. But regardless of whether your employees last received cybersecurity training during their onboarding process, last year, or last month, now is the time to take security education seriously. With the right messaging and communication strategies, IT departments can ensure their remote workforce doesn’t open the company up to additional risks when working outside the office.
Get your cybersecurity messaging right
The foundation of your cybersecurity communication is your messaging. IT departments need to convey why cybersecurity is so critical right now, what employees need to watch out for, and what actions remote workers need to take to stay safe.
First off, there are some key reasons security is extra important during periods of remote work. Employees are performing work on their own Wi-Fi networks, their devices may not be protected like they would be in the office, and there’s already plenty of evidence phishing attempts go way up during times of crisis.
That means you need to educate employees about the types of attacks to look out for like phishing, malware, ransomware, and malicious websites, as well as the best practices that will help keep their devices and important company information safe. Incorporate reminders about routine security practices into your messaging for common topics like password security, email safety, VPN usage, personal device policies, and network security.
No one wants to be the person who makes a mistake that leads to a security breach. That being said, many people think they’re tech-savvy and know how to avoid issues. Emphasize that threats are constantly evolving to be more sophisticated and that everyone needs to be vigilant.
Diversify your communication strategies
Once you’ve figured out what information you need to share with your employees about cybersecurity, you need a solid plan for communicating it that will get the attention this topic deserves. Sending out an email with a link to your cybersecurity policies probably isn’t the best way to make sure your message gets through crowded inboxes.
Emails may be the most common method for communicating with large groups of employees, but if you go this route, avoid the “one and done” approach. Consider a series of emails or establish a regular newsletter. Then consider what types of content to include. For example, you could create a video series addressing important topics and tips. You might have members of your IT department share these tips or even have a member of the executive team share information to emphasize how important it is. The format you use to communicate matters a lot, and short pieces of content in a variety of formats can work well. Consult with your internal communications team if you’re looking for creative approaches. They can likely help you brainstorm and develop the content you need
In addition to sending educational content regularly, you can also send phishing tests. At HP, employees are instructed to send any emails that look suspicious to IT, so HP randomly sends emails that look like phishing as a test. When an employee forwards a suspicious email to IT, they receive a response stating whether the email was a test or wasn’t, in which case IT will investigate. This approach can teach employees to be vigilant when opening emails and show them what attacks might look like.
If time allows, you might consider scheduling trainings covering security topics. During these sessions, you could show examples of cyberattacks—examples go a long way toward making an abstract problem real for people—as well as success stories of employees who detected an attack and alerted IT. You can also get interactive and use quizzes to test knowledge. You need people to remember this stuff, and a hands-on approach or a real-life story is often more effective than reading a list of dos and don’ts.
Once you’ve distributed cybersecurity information, you should also make it easy for people to find in the future. Create a central repository for all of your documents so employees can search for answers to questions and review policies.
Have a plan for security breaches
Finally, don’t forget about communicating your plan for responding to an attack. Employees need to know what to do and who to contact when they detect a threat, whether it’s a phishing email, possible malware, or anything else that seems suspicious. Quick communication will help you neutralize any threats and protect company data. If an employee’s device is compromised, you’ll be able to secure it and get the employee back up and running as soon as possible.
Make cybersecurity an ongoing conversation
We don’t know how soon people will return to the workplace, and even when they do, remote work will likely be more common. On this extended network, everyone will need to prioritize keeping their endpoint devices secure and following best practices. From an IT perspective, this means cybersecurity isn’t something we can talk about once in a while. It’s something we’ll need to educate ourselves and our employees about regularly so it stays top of mind.