IT Is Not The First Line Of Defense. Employees Are.
Gas. Electricity. Nuclear power. Water. When these vital plants and networks are damaged by storms and natural disasters, lives are disrupted, even lost. Utility companies work hard to maintain their equipment to reduce the amount of impact, but these acts of God aren’t preventable.
Information Security Failures Are
Utility companies not only protect a home’s water, heating and cooling and power but also the necessary equipment for hospitals, first responders and fuel suppliers. Recently, this critical infrastructure found itself in jeopardy at the hands of foreign hackers. The federal government accused Russia of plotting cyberattacks on the U.S. electrical grid from at least 2015 through 2017. While the alleged hackers never followed through, the idea that they could is terrifying.
If you’re a utility company, you should know that information technology (IT) should not be your first line of defense—your staff should.
As American utilities face increasingly frequent and sophisticated attacks on their networks, it’s imperative that every employee understands the role they play in cybersecurity.
It only takes one employee to open the gate for a hacker. And if there’s a problem, the wrong communication response can wreak chaos and mistrust. To arm your first line of defense—your people—here is what a good program should include:
Internal Education And Communications
Employee communications are key to educating and motivating safe behaviors. Whether through an online course or in person, internal trainings can reinforce company policies and encourage employees to actively consider how their actions can prevent cyberattacks. The key is to not call it “training.” Most employees equate training with a boring, annoying interruption to their day.
Make It Interactive
Share real examples, even those within the company, of phishing or social engineering attempts, or incidents of information security compromises and ask participants to brainstorm what could have been done to prevent them. Explain company guidelines and policies using activities or quizzes.
Make It Personal
People will pay even more attention if you tell them how they can apply the learnings to protect their personal identity and their loved ones. Find opportunities to communicate to employees at the point where and when a dangerous action might occur. Criminals can intercept confidential information on public Wi-Fi or in your home, so consider stickers that remind employees every time they open their laptop to connect to a VPN or office network.
Get Creative
We used employee engagement to stress the importance of information security and intellectual property protection for one of our global clients. The campaign used a humorous character in a video series, signage, games, character appearances at company functions and more. Bringing levity to this serious issue helped not only attract employee attention, it got them to change their behaviors.
It’s important to build programs to engage your employees to develop safe online behavior. Stay in touch with your community and customers to build trust and open communication before a problem occurs. And if crisis strikes? Have a plan to be ready to defend your company and the community that depends on it.
Want to talk about how you can educate employees to be the first line of defense against cyberattacks? Email or call 317-631-6400.