Human Factors: Creating a Robust Cybersecurity Culture

  • February 20, 2024

Brother Frank Deneweth

Here we explore how IT professionals are helping their teams mitigate the threat of the human factor.

With our helpful tips, you can enlist your colleagues as the first line of defense against cybersecurity threats.

According to the World Economic Forum’s Global Risks Report, 95% of all cybersecurity breaches in 2022 were due to human error.

Your colleagues are the biggest threat to your company. Can you blame them for something they didn’t know or understand?

Human error is an unintentional act that is often due to a lack of knowledge. The human factor is the way an organization, a culture, a job and an individual work together to give people this knowledge and improve their reliability at work. We need to focus our attention on the human factor in cybersecurity.

1. Avoid jargon

Technical language can be alienating to people who don’t understand it very well. When educating colleagues about best cybersecurity practices, keep it simple.

Communicate with your colleagues outside of the IT department in understandable language. Accountants, designers and catering teams may not understand the concept of ransomware, trojans, worms and malware. But they will understand that bad software is often distributed via fake emails to infect computer systems.

Don’t overcomplicate your message. It will only confuse your colleagues and lead to a lack of confidence in cybersecurity.

Tell your teams what they need to know to implement a more cyber-secure way of working and take action if necessary to prevent a cyber attack.

2. Share a cybersecurity checklist

A checklist that everyone in your company has access to will establish good cybersecurity habits.

Explain in an easy-to-understand document what actions everyone should proactively take and when/how they should take them to reduce the risk of a cyberattack.

Here are some examples of what should be included in a cybersecurity checklist:

  • Install antivirus protection and check for updates every two weeks
  • Back up your files to the cloud every week
  • Lock all laptop and device screens when working in a co-working space
  • Always use a VPN
  • Choose unique and strong passwords for each account and device
  • Change your passwords every month
  • Apply a “don’t trust, always verify” approach to all emails
  • Use password protection and waiting rooms for virtual meetings
  • Turn off Bluetooth and file sharing when they are not needed

It is important to be aware of threats at the network, device and output levels. Using a checklist, you can apply this three-step security approach and protect your data and assets.

Add screenshots, links, or demo videos showing how to implement each action effectively. These visuals provide step-by-step instructions and serve as a reference tool. Some colleagues may prefer this self-directed approach.

3. Raise awareness of emergency procedures

A checklist ensures colleagues are following cybersecurity best practices. But even the most resilient organization can fall victim to a cyberattack. All team members should know what to do if they suspect something is wrong.

A common example of a situation that calls for an emergency response is a suspicious email that lands in a colleague’s inbox. Teams need to know what to do in this case. If in doubt, colleagues should always have the courage to contact the security team. You could even add an emergency manual to your cybersecurity checklist to keep all documents in one place.

Include these points in your emergency guide:

  • Who is the contact person for “First Response”?
  • How do colleagues get in touch with you?
  • What to do during/outside office hours?

Examples of important emergency measures:

  • Don’t click on suspicious links
  • Do not open suspicious attachments
  • Do not forward to others
  • Do not respond to suspicious emails
  • Contact the First Response Team as soon as possible

4. Conduct simple scenario training

Well-structured “And you?” questions help your teams:

  • Evaluate their own cybersecurity habits
  • Stay motivated to follow cybersecurity guidelines
  • Consider the cybersecurity checklist
  • Apply their knowledge to possible cybersecurity scenarios they may encounter

You can structure the exercise to test individual aspects of cybersecurity, such as working remotely.

5. Celebrate cybersecurity successes

Your robust cybersecurity culture should be an extension of the positive culture within your organization. Celebrating cybersecurity successes boosts team confidence, inspires, and makes colleagues feel valued for their cybersecurity efforts.

Motivate colleagues with weekly updated “safety ratings”. Relate them to training, testing, and identifying potential threats. By motivating your colleagues in this way, you’ll build a smart workforce that sees cybersecurity as an important part of your business.

With a simple poster on the office information board, a weekly email in the form of a newsletter or an update message, you can honor the cyber heroes who saved the company from a potential threat and an expensive attack. This encourages others to follow cybersecurity processes and identify potential security risks.

6. Provide regular updates

Cybersecurity is not a topic that should come up only every few months. It needs to be embedded in the business-as-usual (BAU) work of all teams and departments in your organization. IT pros can provide regular updates to keep teams up to date on the latest phishing scams and suspicious emails.

Implementing a cybersecurity culture won’t solve everything. There will still be threats that deceive even the most prepared people. Ransomware was the leading attack type in Europe in 2021. Cyberattacks continue.

But by adopting a human-centered approach to cybersecurity and following Brother’s six steps to building a robust cybersecurity culture, IT professionals can help colleagues reduce this risk.

FAQs

What is the difference between human error and human factors?

Human error is an unintentional action, often due to a lack of knowledge, that leads to failure. The human factor is the way an organization, a culture, a workplace and a person combine to influence human reliability at work.

How important is the human factor in cybersecurity?

Cybersecurity is about the human factor whenever the situations that lead to a successful hack or data breach are the result of a human action.

Why is the human factor the weakest link in cybersecurity?

People are fallible and make mistakes. A colleague may be distracted, stressed, busy, unhappy or overconfident. These states can lead to errors. The human factor will always be the weakest link in cybersecurity.

This is a post by Frank Deneweth, Managing Director at Brother Belgium.

Source: IT Daily
