Digital Economy Blog – How to effectively raise awareness about cybersecurity?

We often hear that phishing emails are full of mistakes and that they are easy to spot. But this is no longer true, phishing is now of very good quality and is becoming ever more difficult to detect. To limit the risk of breaches within the company, awareness-raising efforts are particularly important.

Carry out regular awareness-raising actions

Companies often consider cybersecurity awareness as a one-off action: we carry out an awareness campaign by sending informative materials by email to employees and we then consider that employees are aware. But it’s wrong.

It is necessary to regularly support employees to ensure effective training in the face of cyber risks. Indeed, a one-off action will be effective during the time it is carried out, but if no awareness-raising is carried out during the rest of the year, its effect will be reduced. It is therefore necessary to implement regular awareness campaigns for optimal results.

Multiply awareness channels

To capture the attention of employees and ensure complete awareness, it is essential to diversify awareness channels. Email campaigns, phishing tests using specialized platforms, company seminars, etc., are all formats to consider.

Using several of these methods will yield the most effective results, as some employees will respond better to a simulated phishing test, while others will prefer interactive learning during a seminar. The multiplication of awareness channels is part of the same logic as carrying out regular actions, but it is important to note that two different actions will make it possible to raise awareness among more employees or simply carrying out emailing campaigns, even regular, will have less effectiveness.

Towards a “safety culture”

The goal of every company should be to develop a culture of safety. To do this, all employees must be involved in the cybersecurity process. We consider that the cybersecurity culture is achieved when all employees adopt appropriate behavior in the face of cyber threats.

As we mentioned, training or a one-off awareness campaign is not enough. It takes continuous effort to successfully establish a security culture and increase the company’s resilience to cyber risks. This is a constant process that requires time, but given the fact that humans are the main target of hackers with phishing and more generally social engineering, the process must be considered as an important component of the company’s cybersecurity strategy.