More than 300,000 customers of Latitude Financial (they own brands like Genoapay, Gem Visa and GO Mastercard ) across New Zealand and Australia could have had their privacy breached in the latest spate of cyber security attacks.
Latitude Financial’s cyber-attack is the latest in the growing list of cyber security attacks across Australia and New Zealand. New Zealand’s Pinnacle Health, and Australia’s Optus and Medibank are among other large organisations that have reported recent data breaches.
No matter the size of your organisation, cyber security training is no small matter. Organisations with poor cyber security training are at greater risk of suffering cyber-attacks. The consequences are dire:
- Loss of reputation with customers, potential customers and stakeholders
- Theft, including stolen employee data, login credentials, intellectual property and more
- Financial losses
- Fines
The importance of ongoing cyber security training
In the case of Latitude Financial, the attackers used employee login credentials to steal personal information. Despite strong IT security policies in place, employees are the weakest link in the chain. This highlights the ever growing need to keep cyber security top of mind for all employees in the organisation.
Running cyber security training once a year is setting you up for failure. Encouraging cyber safety isn’t a one-and-done approach – it is an ongoing exercise to ensure all staff stay aware and vigilant. The real challenge for businesses is how to execute it in such a way that cyber security messages are kept front of mind and influence behaviour change in the long term, without fatiguing employees. The answers lie in the basics: what, when and how.
Cyber security training isn't a one-and-done event...
What kind of cyber security messages should you send?
When it comes to cyber security messages, remember to keep it snackable. By that we mean clear, concise, and approachable communication that delivers your message effectively.
Sharing snackable messages is a powerful and effective communication tool as it captures and retains your workforce’s attention while delivering a clear and concise message. In today's fast-paced world, people are more likely to engage with information that is presented in a quick and easy-to-digest format. Bite-sized messages are also more memorable because your workforce can easily grasp the key points without being bogged down by extra information.
When – and how often – to share cyber security messages?
Internal communication teams are wary of overwhelming the workforce with cyber security information from various sources such as emails, newsletters, announcements, reports, chat messages.
Frequency of message is key when it comes to achieving a behavioural change. In fact, the touted number of times a message needs to be seen before it is retained to long term memory is 17. But the key is spacing out the delivery of each of the key messages over 2 or 3 months.
We can say with certainty that using ‘spaced repetition’ to space out the frequency of cyber security messages is the way to helping employees retain the right information in the long term without succumbing to information overload.
Spaced repetition involves repeating your message at increasing intervals. This embeds the knowledge in long-term memory because consistently reviewing what you’ve learnt allows you to remember what you’ve learnt for longer.
The best protection against cyber attacks is ongoing cyber security training
How should you use your communication channels to share cyber security messages?
When it comes to behaviour-changing communications, you want to share important cyber security messages on a channel that reaches the masses without disrupting them.
Active communication channels like digital signage screens, screensavers, lock screens and the web browsers home screen are ideal communication channels for keeping cyber security messages front of mind.
Digital signage screens are ideal where people gather, such as cafeterias and common areas. They are highly visible yet won’t disrupt or detract the workforce from their day-to-day work; you don’t want to add to the disruptions that are already going on in the workplace.
Putting it all together
There are five fundamental guidelines for delivering effective cyber security communications in the workforce. Your cyber security messages should be:
- Visual and lively to engage your workforce
- Snackable to be read and easily digested
- Delivered with spaced repetition to be embedded
- Sent via non-disruptive channels
- Timely and be kept up to date
How do you implement a cyber security training program that has a Snackable Learning Framework© built into it?
If you don’t have a cyber security program in place, our free cyber security mini program is a great place to start. It also comes with a quiz to enforce cyber security message retention in a fun, engaging way.
If you already have a cyber security training program in place, or you’re working with consultants to create one, get in touch! We can show you how to leverage a Snackable Learning Framework© to embed your cyber security program on the right communication channels so that vital messages remain front-of-mind and don’t disrupt the workforce.
