Gas. Electricity. Nuclear power. Water. When these vital plants and networks are damaged by storms and natural disasters, lives are disrupted, even lost. Utility companies work hard to maintain their equipment to reduce the amount of impact, but these acts of God aren’t preventable.
A cyberattack is.
Utility companies not only protect a home’s water, heating and cooling and power but also the necessary equipment for hospitals, first responders and fuel suppliers. Recently, this critical infrastructure found itself in jeopardy at the hands of foreign hackers. The federal government accused Russia of plotting cyberattacks on the U.S. electrical grid from at least 2015 through 2017. While the alleged hackers never followed through, the idea that they could is terrifying.
If you’re a utility company, you should know that information technology (IT) should not be your first line of defense—your staff should.
As American utilities face increasingly frequent and sophisticated attacks on their networks, it’s imperative that every employee understands the role they play in cybersecurity.
It only takes one employee to open the gate for a hacker. And if there’s a problem, the wrong communication response can wreak chaos and mistrust. To arm your first line of defense—your people—here is what a good program should include:
Internal education and communications
Employee communications are key to educating and motivating safe behaviors. Whether through an online course or in person, internal trainings can reinforce company policies and encourage employees to actively consider how their actions can prevent cyberattacks. The key is to not call it “training.” Most employees equate training with a boring, annoying interruption to their day.
Make it interactive.
Share real examples, even those within the company, of phishing or social engineering attempts, or incidents of security compromises and ask participants to brainstorm what could have been done to prevent them. Explain company guidelines and policies using activities or quizzes.
Make it personal.
People will pay even more attention if you tell them how they can apply the learnings to protect their personal identity and their loved ones. Find opportunities to communicate to employees at the point where and when a dangerous action might occur. Confidential information can be intercepted on public Wi-Fi or at home, so consider stickers that remind employees every time they open their laptop to connect to a VPN or office network.
We used employee engagement to stress the importance of intellectual property protection for one of our global clients. The program involved creating an internal campaign around a humorous character that included a video series, signage, games, character appearances at company functions and more. Bringing levity to this serious issue helped not only attract employee attention, it got them to change their behaviors.
It’s important to build programs to engage your employees to develop safe online behavior. Stay in touch with your community and customers to build trust and open communication before a problem occurs. And if crisis strikes? Have a plan to be ready to defend your company and the community that depends on it.
Want to talk about how you can educate employees to be the first line of defense against cyberattacks? Email us or call 317-631-6400.