Our colleagues in IT are busy fighting with firewalls and declaring war on malware, but data protection isn’t just their problem. Follow these seven golden rules to create a culture of security in your organisation
We work alongside internal comms teams on all sorts of projects – including behaviour change on data privacy. Before we get to work, we kick off with a discovery workshop to find out exactly what our client’s employees think and feel about security – and whether they even consider it their responsibility.
Start by listening and finding out what the problems are.
Once you’ve identified the risks, focus your campaign on those themes. What is security like around staff leaving your employment? Are your suppliers regulated? What happens when people leave the building? Are laptops at risk of being left on trains? Do people regularly fail to log out of shared computers? Do you have a manager that’s lax on clear desk policies?
Whatever the risk, don’t generalise about security – let people know exactly what behaviour you want to see.
An induction is a great place to start talking about best practice, but it’s not the place to end it.
An induction process that makes expectations clear from day one is vital. But whether it’s roadshows, email programmes or full-on campaigns, keep hammering that security message home, for the long haul.
These days, lots of people have been victims of cyber crime. Talking about data security in the abstract isn’t very relatable – it sounds like more tedious layers of rules and regulations – and that’s when standards can slip.
Tell stories about how security breaches affect the lives of real people, just like your colleagues. This helps individuals see how they play a part in keeping everyone safe.
Different people respond to different messages. Repurpose your data protection content to suit all relevant channels – and never forget the impact of face-to-face meetings.
From short, sharp social posts to long form print articles and how-to videos, squeeze the maximum value out of every piece of content. You never know which will resonate with your audiences.
Scrimping on data security is a false economy – and that goes for comms too. A breach will not only land you with a fine, but long-lasting damage to your business reputation.
If you spot a security issue, flag it with your leaders and show them how IC can support IT’s efforts. If you need back-up, give us a call and we’ll help you pull together the business case. All the firewalls in the world can’t stop a breach if behaviours are unsafe.
New technology brings both new advantages and new threats. These threats aren’t just for your IT teams to battle; make sure staff training and awareness keeps pace with innovation.
It might feel like a relentless march but if you’re going to stay in business, it’s time to put your best foot forward.