Employees: Your Best Defense Against Cyber-AttacksBy Guest Author | Posted 2017-08-09 Email Print
Storytelling is an effective way to engage people, and, in a world where content is king, it can help reinforce your cyber-resilience campaign.
We need a different approach—one that moves beyond the annual tedious "check-the-box" approach.
Just as our technical security controls must constantly adapt in order to combat changing cyber-threats and vulnerabilities, so too must we ensure that all our staff members maintain awareness of evolving security threats. We need to provide staff members with the simple, practical guidance they need in ways that provide the adaptive, personalized and efficient learning that organizations increasingly demand.
There are some simple guiding principles to bear in mind when considering your cyber-awareness learning campaign. They include the following:
1. Involve leadership: Get senior executives involved in the campaign to highlight the positive benefits of resilient behaviors, assist in rewarding and inspiring the staff, and illustrate how seriously your organization is committed to protecting its most sensitive information.
2. Reinforce the message: Memories are fragile, so plan to refresh and evolve the learning content and delivery techniques with your staff on a regular basis. Combine engaging online learning content and formats with offline activities to help sustain and instil the understanding and importance of new behaviors.
3. Accommodate different learning styles: People learn differently so develop your campaign around a lively mix of online formats: games, animation, simulations and videos.
4. Use every means at your disposal: Always stay agile and always adapt, fine-tune, pilot new techniques and react quickly to the latest attack stories and how they affect your people.
5. Tell stories: People remember stories more readily than dry facts. Great campaigns have great stories to tell. Use realistic scenarios to bring the message home.
This last point brings me back to Jim Baines, the CEO of Baines Packaging. Jim’s story is a fictional account, inspired by real-life events, of a damaging cyber-attack on a CEO, his organization and its clients. But it highlights how storytelling works.
We make sense of our lives through stories. In the highly technical, jargon-heavy world of cyber-security, a compelling story can resonate with audiences, while dry reports and training can fail to connect.
As a Harvard Business Review article highlighted in 2014: "A story will go where statistics, data and quantitative analysis are denied admission: our hearts. Data can persuade people, but it doesn’t inspire them to act; to do that, you need to wrap your vision in a story that fires the imagination and stirs the soul."
Your employees may not be as aware and vigilant as they should—and could—be. They should be your most effective defense against cyber-threats, so use storytelling to engage them in your cyber-resilience campaign.
Nick Wilding is general manager, RESILIA Cyber-Resilience at AXELOS Global Best Practice. He has been working at the sharp end of cyber-security since 2003 and is a regular speaker on the subject internationally. Nick helps organizations improve their employees’ cyber-resilience behaviors.