24 April 2019

10 steps for communicating cyber security to your team

The moment of panic after opening a message from an unknown sender. That dodgy-looking attachment you definitely shouldn’t have clicked on.

We’ve all been there. But would you believe that 90% of security breaches are down to human error? Yikes!

It’s no wonder cyber security is such a hot topic. And it’s one we can all relate to in some way or another. But despite it being such a serious and important subject, it doesn’t always take “the do’s and don’ts” and shock tactics to get people’s attention. Instead, why not connect your people with the subject in more interesting and engaging ways? 

Here are our 10 steps to communicating cyber security to your team…


1. Be creative in your approach

Creativity is key – and for a good reason. You’ll need an approach that’s unique to your business, so your people really feel it’s you. Don’t just jump straight into hair-raising statistics and scary stories of cyber attacks; try starting with something fun to peak people’s interest, but just be sure to keep the importance of the subject clear. 


2. Get the whole team involved

You’ll want a bunch of engagement ideas in your armoury. The more involved people feel, the more engaged they will be. So when making your campaign plan, get everyone’s heads together before you get cracking. Think quizzes, activities, team challenges and puzzles ­– they’ll get everyone involved in learning about the risks, while having a bit of fun at the same time.


3. Be bold and brave with colour

Want to make an impact? Make sure your cyber security comms stand out. One of the recent campaigns we’ve done was full-on neon. Less certainly isn’t more, so be colourful in your approach to grab people’s attention.


4. Take a behavioural science approach

Small changes can make big differences. Combining communications best practices with the right contextual nudges can influence behaviours and help to increase cyber security awareness, slimming down any potential risks to your business.

Chloe Foy, our resident behavioural science expert, explained: ‘Information alone isn’t enough to change behaviours. The way it’s conveyed or displayed is what really makes the difference’.


5. Treat it like an external campaign

You may be working internally but don’t rest on your laurels and put in less effort than you would for your external comms. Think of it like a campaign and make a lasting impact on your people with a phased approach. Start with a teaser, move onto a big launch, be sure to educate people throughout, involve employees and getting them participating in activities.


6. Keep your message simple

There’s a lot of uncertainty attached to cyber security, so try to keep things simple where you can. You want people to know what they need to do, when they need to do it and how. Two to three simple messages and a clear call to action is a great starting point.


7. Make it relevant to your people

If it’s relevant to people’s jobs, they’re more likely to engage with it. Think about your employees’ job roles, their average day and plans for the future. Next, think about how you can tap into their ways of working with useful advice, hints and tips when it’ll help them the most.


8. Honesty and humour will go a long way

Being honest is definitely important, but so is having a sense of humour. Everyone knows they could be a little more aware when it comes to cyber security, so make sure you’re creating a culture where your people feel like they can be open and admit mistakes ­­– without the fear they’ll get into trouble.


9. Get tactical

A strong campaign is a great starting point, but you’ll need to remind your people what to do on an ongoing basis. A great way to keep it fresh is by coming up with creative reminders at every point of action.


10. Don’t let your message get lost

Everyone can have those moments of total concentration loss when leafing through a lengthy document or long article. Words lose their meaning and once you’re gone, you’re gone. Cyber security is a serious issue, but it doesn’t have to be dull. Keep it snappy, keep it simple and people will notice.


Need help with creatively communicating cyber security to your people? You’re in the right place. Get in touch for more ideas or support – we’ve been involved in creating plenty of campaigns from codes of conduct and compliance, to cyber security, safeguarding, security vetting and health & safety communications, so you’ll be in good hands. 

Similar Articles

17 March 2021

Who’s on your cyber security A-Team?

When Covid hit in 2020, millions of us started working from home. Now, 9 out…


10 January 2020

The 10 best internal communications and employee engagement case studies of 2019

Here are our 10 favourite stories from the past year... Just Eat consolidates comms and celebrates…


9 May 2019

5 ways to train your staff in cyber security

We’re all good at updating the software and security systems on our phones and computers…


3 May 2019

The cyber security stats you need to be aware of

If you ask IBM’s president and CEO, ‘cybercrime is the greatest threat to every company…