Elizabeth Cogswell Baskin

Use Storytelling to Educate Employees on Cyber Security

Do your employees know what to do in case of a security breach? According to Deloitte Australia (as reported on CIO.com), employees of 43 percent of the country’s top brands don’t even know if their company has a procedure to follow in case of a data breach.

Perhaps even more importantly, do your employees know to avoid behavior that could lead to a major security breach? The recent Deloitte Global report titled “Cultivating a Cyber-Risk-Aware Culture” describes a hypothetical spear phishing attack that plenty of intelligent and worldly employees might fall for — if good cyber hygiene is not top of mind.

In this phishing scheme, an employee receives an email promising a gift card in return for answering a survey. The employee was not maliciously sharing sensitive company information. It looked like the email was sent by someone inside the company. And who doesn’t want a gift card?

Talking about cyber-awareness isn’t enough. To many of us, the term cyber sounds dated and vaguely humorous. Like when people joke about the World Wide Net or the InterWeb.

Bring it to life by telling the story. Employees need concrete examples of what risky behavior looks like, so paint the picture of a potential scenario. What sort of information would cyber attackers be looking for? What are some of the common techniques used by cyber-attackers? What are some of the potentially disastrous outcomes? Beyond just saying “Be careful,” we need to give employees a clear picture of what being careful looks like — and what it doesn’t.

Use internal communications to tell that story in ways that are engaging and interesting, not patronizing or scolding. Rare is the employee who would intentionally do harm to the company. But innocent mistakes can do real damage. And employees can’t sidestep a security risk if they don’t recognize the situation as risky.

Interested in engaging your employees in cyber-awareness? Tribe can help.