How to engage non-IT employees in IT security

One challenge we often hear about from clients is the struggle to engage and interest staff throughout companies in IT security, especially those employees in non-technical roles.

From small, local businesses through to large, multinational corporations, and everywhere in between, every member of staff plays a part in a business’s IT security.

In order to embed strong cyber security into any business, it has to be clear that it’s a business priority from the top down, and embraced at all levels in an organisation.

Security must be an integral part of regular conversations, KPIs and exemplified among the C Suite. Simply walking the floor can help senior leadership to understand how well adopted security policies are throughout a company. There’s the age old joke of people writing their password onto a post-it note, and sticking it onto their computer, but perhaps surprisingly, this still happens.

Embedding IT security into a business isn’t a short term task that can easily be ticked off, but with consistency, commitment and accountability, it’s completely achievable.

Here are our top 5 tips to help you start to embed security into any company:

1. Define your baseline – how secure is your business right now? Undertaking manual and automated penetration and cyber security testing will give you a baseline to move and report from throughout a company
2. Implement cyber security practices and policies – must-have elements to include are how to create a strong password, how the organisation helps to protect users and regular actions or tasks for users to take
3. Make it a culture shift – the CEO has to trailblaze IT security. Whether it’s ensuring that their screen is locked every time they step away from their computer, or walking the floor and talking to employees about what they as individuals can do to help protect the business, it’s imperative that all staff can see that senior leadership is taking the same steps that they are being asked to take
4. Make time for fun training – cyber security training doesn’t have to be boring. Centring it around your organisation’s values and people will help users to become more engaged with the topics. It’s also crucial that staff have ample time to take part in the training, with minimal disruption to their daily job. Encourage feedback and discussion, too!
5. Talk about it – in order to continue to engage a workforce for the long term, managers and leadership must demonstrate that IT security isn’t just a flash in the pan. It’s vital that results, wins and failed exploitations are shared, so that employees can see that their efforts matter and help to make a difference

IT Backbone has extensive experience in cyber security testing, fixing vulnerabilities and IT security training. Just get in touch and we will be happy to help you.