6 Easy Steps for Promoting a Culture of Cyber Security

6 Easy Steps For Promoting A Culture Of Cyber Security

Mario Cirillo

Mario Cirillo

Chief Technology Officer, Kerv Transform|Kerv Transform

Tech (and fishing) enthusiast Mario is responsible for Kerv Transform’s technical, product and consultancy strategy.

Published 06/07/22 under:

Have a question?

Get in touch

Cyber security is vital for a business with any kind of digital presence, no matter how small (or large) they are.

Modern firms that want to make their digital estate secure will often spend fortunes on Security by Design solutions such as firewalls, MFA’s (Multi Factor Authentication), anti-virus and anti-malware software. What many fail to realise however (sometimes to their detriment) is that the biggest weakness in their cyber security isn’t digital in nature at all; it’s their staff.

From Simon in Accounts, clicking a link in a dodgy email for the nineteenth time, to Brenda in Sales logging onto an unsecured Wi-Fi network in a coffee shop without using the VPN because she just ‘had’ to get her caffeine fix and wanted to check her emails;  it’s unaware or untrained staff that will cause (but can also prevent) the majority of your problems.

Fortunately, there are several basic cyber security tips you can pass on to your staff to make your business a much less appealing target for cyber scammers, hackers and other unsavoury types.

Secure Passwords

We discussed this at length in a previous article so won’t belabour the point too much but it really is vital your staff realise that Password1234 (or even Password4321 if they’re trying to be clever) isn’t secure.

The majority of your problems are going to come down to good culture and governance, making sure your staff are digitally aware and empowered to report anything they’re not sure of.

And if you’re worried, it’s a relatively easy job for your IT team to block the use of certain passwords and make sure they have to be changed regularly.

It’s also important your staff realise they shouldn’t be sharing passwords with each other.

In an ideal word you’d be able to trust all your co-workers but a strong cyber security culture has to start with good governance, which sometimes means putting rules into place to protect against that 1% outside chance.

Educate Your Staff On Phishing Scams

Gone are the days of Nigerian Princes asking for your bank details because they’re so impressed with your business acumen… the modern cyber criminal is a lot savvier than that.

Your staff will need to be on the lookout for multiple scams, across the phone, email and social media.

There are specific things they should be looking out for but again, our biggest tip would be to make sure the right culture exists in your workplace.

Get that right and everything else falls into place.

Your IT Team should be running cyber security awareness sessions at least every six months to show your teams examples of good and bad practices as well as updating them on new security measures and common email scams they should be looking out for.

What To Do When Someone Leaves

The majority of cyber security precautions your staff needs to take are for ‘what if’ situations. Chances are they’ll never occur but they need to be prepared if they do.

In reality, if Sarah from Marketing retires after twenty years of loyal service, not changing your company’s Facebook password probably won’t harm you… but you can never be too careful.

Having good governance in place, with a file showing which member of staff has access to what application is always a good idea.

If they leave, whether that be through choice or especially if not, standard practice should be to immediately revoke their access and change all the passwords for systems they had access to.

Yes, it’s annoying, and yes it’s ‘faffy’ (especially in companies with a high turnover of staff) but in the long term it’ll pay dividends.

It only takes one disgruntled member of staff for your entire organisations cyber security to be put at risk.

Appoint a Cyber Security Advocate For Each Team

By now it should be obvious that good cyber security is everyone’s responsibility.

On a day-to-day basis though it can fall back in the priority list behind someone’s regular duties.

To combat this (and depending on the size of your organisation) it may be worth appointing Cyber Security Advocates to each team within your business.

They can almost act as an extension to the IT team, with a much greater understanding of the day-to-day operations of their department and able to more efficiently spot potential cyber security risks.

Do Your Staff Know What To Do If The Worst Does Happen?

Eventually, someone will make a mistake.

The very worst thing that can happen if someone does make a mistake though is to not report it. The sooner a security breach is identified, the sooner steps can be taken to mitigate or solve it.

Discussing culture again, your staff needs to be aware that the first port of call should be to your IT Team and that they won’t be in ‘trouble’ for clicking a dodgy link or downloading a piece of software they thought was safe. The important thing is in fixing the problem, not in punishing it.

Human error will occur and it’s your job to make sure that it doesn’t compound a problem.

Reward Your Employees

Continuing with the theme of how important culture is, if a staff member does identify a malicious email, or you notice someone championing cyber security then reward them!

Once employees realise they won’t get in trouble if they do happen to make a mistake and they can be rewarded for identifying holes in your security then you’ll find it much easier to bed down a culture of strong cyber security within your organisation.

In the modern office cyber security must be both everyone’s responsibility and everyone’s priority but employers need to realise that staff skill levels won’t all be the same.

Empowering your staff by upskilling them on cyber threats whilst promoting a culture in which threats can be openly discussed and mitigated is the biggest step you can take in protecting your organisation.


If you’re looking for cyber security support, check out our services.


You might also be interested in

From our world to yours

Five Reasons Why Your Business Needs Microsoft Cloud For Retail

From our world to yours

How Much Assurance Does A Project Need?

From our world to yours

Why User Experience (UX) In Nonprofits Matters

From our world to yours

Perpetual Progression: Moving Ever Forward With Data

From our world to yours

Data Driven Transportation Transformation

From our world to yours

Life at Kerv as a Project Manager

From our world to yours

How New Technology Can Free Membership Organisations

From our world to yours

Integrating AI into Nonprofit Fundraising Initiatives

From our world to yours

Protected: Healthcare: A Low Code Strategy Workshop

From our world to yours

Protected: Central Government: Low Code Strategy Workshop

From our world to yours

Protected: Public Transport: Low Code Strategy Workshop

From our world to yours

Masterclass: Power Up Your People

From our world to yours

Getting the Most from Speech and Text Analytics

From our world to yours

Webinar: Get Prepared for the Microsoft Flow Enforcement Changes

From our world to yours

TechTalk Guernsey: Maximising Microsoft for your business

From our world to yours

A New Investor for Kerv

From our world to yours

Technology Revolution in Membership Organisations: AI, Personalisation, and Beyond

From our world to yours

Why You Need To Migrate From Great Plains To Business Central Now

From our world to yours

Microsoft 365 Copilot Now Available in CSP

From our world to yours

Is your Business Delivering Enough Value from its Projects?

From our world to yours

Top 5 CX Trends in 2024

From our world to yours

Projects, Programmes and Portfolios… Know the Difference

From our world to yours

Life at Kerv as a Professional Services Engineer

From our world to yours

Microsoft Flow Suspensions: Prepare for the March Deadline

From our world to yours

SASE: The Iron Man of Network Security

Have a question?

Leave your details and a member of the team will be in touch to help.

"*" indicates required fields

By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.