How to get your team invested in cyber security

Explain the potential impact of a breach

The message that the threat of cyber-attacks is real can be reinforced by explaining to your team what the impact of a security breach on your charity’s activities, the people it aims to help, and even staff members themselves would be.

A ransomware attack, for example, could lock your charity out of its data for several days or weeks, until it can be restored from backups. During this time the charity may be unable to contact constituents, fundraising activities might be forced to cease, and in some cases service delivery may be partially or completely interrupted.

Clarify why cyber security is relevant

Staff may believe that cyber security is handled solely by the IT department and by anti-virus features of endpoint security software, such as Bitdefender GravityZone. But it is important that staff know that this software, along with other cyber security systems such as firewalls and VPNs, can’t prevent every type of cyber security threat.

In particular it is important that your team understands that, according to the EU Agency for Cybersecurity, the biggest cause of cyber security breaches is when staff members unwittingly click on malicious links on phishing emails that can lead to ransomware and other malware infecting computer systems.

Offer simple and easy training

Team members could be forgiven for being scared by all the information that they have been given about cyber threats and for being worried that they might unwittingly cause a disaster.

That’s why it’s important to reassure staff that there are simple steps they can take to prevent cyber crime and that they will receive all the training they need to enable them to do their part in keeping the charity safe.

Many people are far more engaged with training if they see that they personally can benefit from what they learn. For that reason, it is sensible to include tips about how team members can keep their own data safe, as well as how they can keep the charity’s data safe.

New recruits to a charity team usually start with onboarding and induction. This is the ideal stage to introduce cyber security awareness and training. By starting at the point when an employee joins your charity, security becomes an integral part of working for the charity.

Cyber security becomes, in other words, part of your charity’s culture, and this is exactly what you should aim towards. Don’t forget that training shouldn’t be a one-off event: you need to hold regular cyber security sessions to keep security firmly in team members’ minds and to introduce new information as new threats emerge.

Make cyber security easy to practice

It’s all very well training team members to use long complex passwords, but it’s not so easy in practice to use these types of passwords. As long as that’s the case, it will always be tempting to use a simple password like “password1234”. 

By providing staff with a cyber security tool such as a password manager, which can make it easy to use complex passwords, you are much more likely to get them into the habit of using such passwords.

Incentivise cyber security

One of the most effective ways of encouraging team members to be invested in cyber security is to reward them for their interest. So, for example, provide rewards when staff members take cyber security training courses, detect phishing emails, or volunteer to become “cyber security advocates”.

The reward could come in the form of a pay bonus or extra paid leave, or it could be recognised less formally in your staff newsletter or other internal communications.