Moving Beyond ‘One-And-Done’ Cyber Security Awareness

/ 30th November 2021 /
Darren O'Loughlin

Sponsored Content

Human firewalling aims to move security awareness from being a conscious choice to an ingrained habit, writes Dani Michaux (pictured) of KPMG

The world’s largest businesses are spending millions a year on cyber security infrastructure, and yet are still falling prey to hackers. Whether you are a multinational with big IT budgets or an SME, the most important and cost-effective way to prevent cyber attacks is by addressing the human factor.

Firewalls cannot offer full protection, and according to recent research by Stanford University, nine out of ten breaches generally include some element of human error.

Many organisations address cyber security with their employees only once a year, at a company-wide event or training day. While these events are valuable, the message presented often fails to make any meaningful and necessary change in employee behaviour. In the past, the approach to cyber security across most organisations was to treat it as a ‘one-and-done’ issue.

Such approaches won’t cut it any more. A modern cyber security programme must project a consistent and persistent message that cyber security is an essential part of ‘how we do business’. Cyber security awareness needs to evolve into being an integral part of the business function in order to ensure trust in the marketplace.

Human Firewalling

KPMG recently released Human Firewalling, a global report that explores five steps that organisations should take to build an integrated, holistic approach to employee communication around cyber security.

The report recommends:

  • taking advantage of the science behind adult learning techniques;
  • using change management to reinforce behaviour;
  • making training more engaging, with innovative technology;
  • personalising the experience, to make it memorable; and
  • organising around a theme that’s communicated regularly.

Human firewalling aims to move security awareness from being a conscious choice to an ingrained habit. The message must reach the part of the brain where it becomes second nature. It needs to leverage the highly visible and vocal support of your C-suite and senior leadership, as they lead by example.

Emotional Engagement

Staff also need to be engaged at an emotional level. Cyber security awareness programmes need to inspire employees to become better digital citizens and improve their practices not only at work, but at home, too, as most employers have now adopted hybrid work models.

Striking an emotional chord is essential to landing the message with employees. This isn’t as difficult as it may sound. Bulletins that are educational and stay on topic, making reference to timely or relevant examples, can be created and distributed monthly.

Regular alerts should be sent out to remind employees to take certain actions, such as changing their passwords or ensuring that they are securing their IT equipment properly.

Organisations should also ensure that they are using their employees to drive the message home. The development of cyber role models and digital trust champions, and celebrating the success of your employees in protecting the business, is key to human firewalling success.

Measuring Success

It’s also important to measure success.

As you roll out your human firewalling programme, keep track of the number of suspicious emails being reported, the participation in any live events or training modules, and the feedback of employees on the effectiveness of your communications.

If you are successfully enabling your employees to become human firewalls, the results should be easily visible.

Learn More

• Download the KPMG Human Firewalling report here
