Date: 2024-12-23

BY Fast Company Executive Board

4 minute read

As the digital landscape continues to expand in the marketplace, having a company strategy to prevent costly cybersecurity threats is now a necessity—not a “nice to have.” Getting your employees on board and up to speed starts by setting the best example from the top down to encourage your entire team to take the cybersecurity risk management procedures much more seriously.

Here, 14 Fast Company Executive Board members provide their top solutions for setting their teams up for success and remaining updated about the latest phishing attacks and how to steer clear. With consistent training and the right mindset, your team will thank you in the long run for helping them stay well-prepared for what’s to come.

1. SHARE RESPONSIBILITY—FROM THE TOP DOWN—TO STAY SECURE.

Leadership builds a cybersecurity-aware culture by setting the tone from the top and making security a shared responsibility. This involves integrating security into daily operations, offering ongoing training, and recognizing proactive security actions. Given that 90% of consumers are concerned about deepfakes, leaders must prioritize protecting the company’s data to build customer trust. – Vijay Balasubramaniyan, Pindrop Security Inc.

2. PROVIDE CONSISTENT OPEN COMMUNICATION.

Leadership should effectively communicate why security awareness is essential for a resilient organization, not just lead by example. With consistent and open communication, leaders can ensure that their staff understands where and how cyberattacks originate and how to thwart them while also adopting a security training program that works for their business and their people. – Nick Schneider, Arctic Wolf

3. CREATE A ‘BLAME-FREE’ REPORTING CULTURE.

Cybersafe company cultures start from the top. Management teams must lead by example, develop and articulate a cybersecurity policy, and invest in employee training. Creating a “blame-free” reporting culture encourages employees to report security incidents, allowing IT to act quickly and efficiently. Company leaders must also encourage a mindset of learning and improvement as new threats emerge. – Ally Zwahlen, Reputation

4. MAKE CYBERSECURITY A PART OF YOUR ONGOING MARKETING CAMPAIGN.

Security is not a thing—it’s a mindset. The act of enforcing security immediately destabilizes it, creating insecurity. The key here becomes how to reframe any imperative into a desirable outcome that everyone voluntarily embraces. This is an internal marketing campaign. The right repeated messaging, linked to company values, influences mindset and creates ownership and shared responsibility. – Jay Steven Levin, WinThinking

5. SEND RANDOM TEST SPAM EMAILS TO EMPLOYEES.

First and foremost, having training available for employees is important. Then have the IT team send random test spam emails (throughout the year) to employees. If someone clicks or fails, have them do the training again. – Ruchir Nath, Dell Technologies

6. KEEP EMPLOYEES AWARE OF THE LATEST PHISHING SCAMS.

With new cybersecurity risks constantly emerging, the best way to spread awareness is through keeping everyone informed and ready. Leaders should discuss things like the latest phishing scams happening, how they can be identified and prevented, and also which additional security and authentication measures are being implemented to help protect their essential work software. – Misty Larkins, Relevance

7. HAVE REGULAR CYBERSECURITY FIRE DRILLS.

Practice cybersecurity fire drills. Train the development team in relevant protocols and then intentionally duplicate, swap, and hack the software so they immediately become aware of cybersecurity concerns by learning how to manage it. It’s easier than one would expect if you have access to the keys for hosting technical infrastructure. An easily extinguished fire is better practice than any drill. – Sean Adler, SWN

8. GAMIFY HOW TO AVOID CYBERATTACKS—MAKE IT FUN.

Creating a cybersecurity awareness culture starts with active engagement, not dry policy reminders. I’ve found success by making cybersecurity a game. In our all-hands channels, I run a series called #SpotTheFlag, sharing real phishing emails that bypass filters. The team jumps in to call out red flags. It’s not just training; it’s collective defense and fun, building vigilance across the organization. – Shaheen Yazdani, Intercept

9. INCORPORATE CYBERSECURITY INTO EMPLOYEE PERFORMANCE APPRAISALS.

Make it a small part of an employee’s performance appraisal review if they fail an informational security audit. It does not need to have a huge impact but enough so that people take it seriously. Also, try to migrate to new devices and safer protocols if your budget will allow. – Zain Jaffer, Zain Ventures

10. ENROLL EMPLOYEES IN A 45-MINUTE ONLINE TRAINING COURSE.

We’ve been hit by many phishing expeditions. The way we protect ourselves is by insisting that everyone go through a 45-minute online training course. It’s helpful to create awareness of the problem and simple things to be aware of. The course elevated the knowledge of the entire organization. – Barry Lowenthal, Inuvo, Inc.

11. ACKNOWLEDGE EXEMPLARY EMPLOYEE PRACTICES.

Recognize employees who exemplify strong cybersecurity practices or report suspicious activity. Acknowledging their contributions in meetings or newsletters reinforces positive behaviors and shows that cybersecurity is valued across the organization. – Britton Bloch, Navy Federal Credit Union

12. DEVELOP INCENTIVES TO BOOST EMPLOYEE KNOWLEDGE.

To build a cybersecurity culture, replace passive training with interactive engagement, like daily quiz questions in meetings with small incentives to boost participation. Tailor topics to each team’s role for relevance. Leadership’s active involvement and a blame-free reporting environment make security a shared, ongoing responsibility across the organization. – Ovunc Sezer, Snapshot Reviews

13. MERGE COMPANY CYBERSECURITY MEASURES INTO DAILY WORK ROUTINES.

To create a cybersecurity awareness culture, leadership should integrate it into daily routines—share news in Slack, discuss updates in meetings, and emphasize policies like avoiding USB drives. Leverage Cybersecurity Awareness Month with training and articles to reinforce best practices. This makes security a consistent focus for employees. – Justin Rende, Rhymetec