Employees contribute to a company’s overall security and they should know it. Whether they’re at work on their phones scrolling through social media or sending e-mails, they are putting you at risk. For example, an employee can accidentally open a malicious link while at work. This could then spread across other computers in your network. Approximately 90% of cyber attacks are attributed to human error. The best way to educate your employees is to have a strong cyber security culture embedded into your organization.

cyber security culture

Source: CompTIA

Why Is Cyber Security Culture Important?

Employees are good targets for cyber criminals, especially those who are looking to hack a company. Hackers can easily target employees by sending them phishing e-mails or via social engineering online. If your employees are unaware of these security risks, they can become victims to cyber criminals. In one report, 75% of bank employees clicked on phishing links.

Failing to have good cyber security culture can cost your organization, with the average cyber attack costing $1.23 million. Investing in IT solutions like Jolera’s Secure I.T.™ help make your networks more secure but employees are a vulnerability that companies can regulate.


Establish clear security policies, principles and procedures

Employees should be educated on how your company deals with security issues, solutions and behaviour. They should know exactly what guidelines to follow. Establishing rules help instill norms that contribute to your overall security.

Build an engaging community based on security

Create an environment where everyone works together to avoid security incidents. Your employees should feel comfortable talking about security and the risks they encounter. A culture of fear and blame around reporting security errors or making mistakes is not productive. This could lead to employees being less likely to report on security flaws, leaving you more vulnerable. Be the one to lead and encourage your employees to have good cyber security habits.

Make Security Fun

Learning about cyber security does not have to be boring. Go beyond dry presentations and simple PowerPoint slides. Create fun newsletters, posters and events to get your team excited about security. You can even run phishing simulations and have departments compete on who clicked on the fewest links. Let your employees make positive associations with security.

Keep it Simple

Security does not have to be complicated. Your employees shouldn’t worry about learning complex terms and issues in addition to doing their job. Educate your employees in a way that’s easy to understand and make security accessible to your team.

Reward your employees

Show employees that security matters by rewarding them for their security management. A simple acknowledgement or words of gratitude can provide the positive reinforcement your employees need. Let them see that you care about their contributions to your security.