How to get your team invested in cyber security

Explain the potential impact of a cyber breach

 

The message that the threat of cyber-attacks is real can be reinforced by explaining to your team what the impact of a security breach on your charity’s activities, the people it aims to help, and even staff members themselves would be.

 

A ransomware attack, for example, could lock your charity out of its data for several days or weeks, until it can be restored from backups. During this time the charity may be unable to contact constituents, fundraising activities might be forced to cease, and in some cases service delivery may be partially or completely interrupted.

 

 

 

Clarify why cyber security is relevant

 

Staff may believe that cyber security is handled solely by the IT department and by anti-virus features of endpoint security software, such as Avast. But it is important that staff know that this software, along with other cyber security systems such as firewalls and VPNs, can’t prevent every type of cyber security threat.

 

In particular it is important that your team understands that, according to the EU Agency for Cybersecurity, the biggest cause of cyber security breaches is when staff members unwittingly click on malicious links on phishing emails that can lead to ransomware and other malware infecting computer systems.

 

Charities can access cyber security software at a discount through the Charity Digital Exchange, as a result of the Avast donor programme. Avast is intuitive and easy-to-use for charities of all sizes, making it easier for teams to have confidence in their cyber security, while still remaining vigilant for any risks. 

 

Offer simple and easy cyber security training

Team members could be forgiven for being scared by all the information that they have been given about cyber threats and for being worried that they might unwittingly cause a disaster.

 

That’s why it’s important to reassure staff that there are simple steps they can take to prevent cyber crime and that they will receive all the training they need to enable them to do their part in keeping the charity safe.

 

Many people are far more engaged with training if they see that they personally can benefit from what they learn. For that reason, it is sensible to include tips about how team members can keep their own data safe, as well as how they can keep the charity’s data safe.

 

New recruits to a charity team usually start with onboarding and induction. This is the ideal stage to introduce cyber security awareness and training. By starting at the point when an employee joins your charity, security becomes an integral part of working for the charity.

 

Cyber security becomes, in other words, part of your charity’s culture, and this is exactly what you should aim towards. Don’t forget that training shouldn’t be a one-off event: you need to hold regular cyber security sessions to keep security firmly in team members’ minds and to introduce new information as new threats emerge.

 

 

 

Make cyber security easy to practice

 

It’s all very well training team members to use long complex passwords, but it’s not so easy in practice to use these types of passwords. As long as that’s the case, it will always be tempting to use a simple password like “password1234”. 

 

By providing staff with a cyber security tool such as a password manager, which can make it easy to use complex passwords, you are much more likely to get them into the habit of using such passwords.

 

 

 

Incentivise cyber security

 

One of the most effective ways of encouraging team members to be invested in cyber security is to reward them for their interest. So, for example, provide rewards when staff members take cyber security training courses, detect phishing emails, or volunteer to become “cyber security advocates”.

 

The reward could come in the form of a pay bonus or extra paid leave, or it could be recognised less formally in your staff newsletter or other internal communications.