Safety first: What role does communication play in cyber security?
Cyber security is considered a complex technical issue that requires computer scientists, programmers and forensic experts. And although all these people undoubtedly have their place in this area, there is another important group: communicators. In this article, our Practice Director Hauke Gierow explains what role cyber security plays for them.
For many employees, the topic of cyber security is considered complex, and their willingness to deal with it in relation to their own job description is therefore not always high. Yet it has been clear for years among security experts that cyber security cannot succeed without the help of the company's own staff. In the area of cyber security, the communications department can make a significant contribution to improving security in the company.
Five areas in which this can be achieved with little effort:
1) Transparent information about software and services in use
Particularly in the wake of the pandemic and the trend toward remote work, many companies have deployed cloud services in numerous areas. From a business perspective, this often makes sense, as it greatly simplifies deployment and maintenance. Often, it is also more convenient for employees to be able to use these services from outside the corporate network – even without a VPN.
However, the introduction of new services should always be accompanied by a clear internal information campaign. For years, employees have been told not to click on arbitrary, unknown links. If they receive an unsolicited invitation to a cloud service, many people are justifiably suspicious.
It is important to specifically state when and for what purpose the software will be used. If communication in this regard is clear, the security level in the company will increase.
2) Dealing openly with errors
The communications department can help establish an open error culture within the company and at the same time create anonymous communication channels. After all, if employees make a mistake in dealing with IT, this is bad, but usually not the end of the world. But it becomes much worse if they try to cover it up.
Only those who do not fear negative consequences for their own working relationship will dare to deal openly with their own misconduct. Here, communication in cooperation with executives and top management can provide important support in creating an open error culture.
3) Implementation of awareness measures
As with the introduction of new software, upcoming awareness measures in the company should also be announced at an early stage. Particularly if these are combined with a phishing simulation, emergency drills or similar programs, education is urgently required so as not to trigger a feeling of surveillance among employees.
Employees may get the impression that these tools are being used to evaluate their own performance. Then these measures are not perceived as an opportunity for personal development, but as an attack on the relationship of trust. Only those who create a safe space through proactive communication can implement awareness measures in a sustainable and meaningful way.
Also important: Employees must have enough time to complete the training courses. Expecting them to simply complete them alongside their normal work will cause stress and rejection.
4) Clear strategy creates security
Almost every company has a strategy for its own development lying in the drawer – but the strategy’s internal communication often leaves much to be desired. This can have dangerous and expensive consequences.
One of the most widespread attacks on companies is CEO fraud, also known as business email compromise. In this case, fictitious payment instructions are sent to employees in the accounting department in the name of the management. These are to be processed quickly and usually with great secrecy.
In this case, transfers to alleged subsidiaries abroad are often used as a pretext to have millions transferred. If employees have a clear idea of the business strategy, it is much easier for them to question such e-mails – and prevent damage.
An open communication culture also leads employees to double-check, via a chat message, a personal conversation or a telephone call, that the requested transfer actually originates from the management before the payment is finally made.
5) Crisis in the form of a data leak or other cyber security incident
Reports of hacks, data leaks or other cyber security incidents have unfortunately become commonplace. Yet many companies continue to struggle to respond properly. Instead of providing transparent information to customers, partners and their own employees, they often try to downplay the incident or even cover it up completely. A loss of trust on all sides is almost guaranteed.
At the same time, it has been clear since the GDPR took effect that incidents involving personal data must be reported to the responsible data protection authority within 72 hours. Anyone who fails to do so risks heavy fines.
When reporting a data protection incident, a law firm specialized in the topic should be consulted. Customer and partner communications, on the other hand, should be handled by the company's own communications department, supported if necessary by experts in crisis communications.
If you communicate proactively, openly and build trust, you can effectively prevent speculation and thus avoid a loss of reputation.
Conclusion: Security for all, including all
Cyber security is as closely connected to communication and leadership as it is to complex technical issues. Those who take advantage of this potential can sensibly complement their investments in security software, appliances and other devices and significantly reduce the likelihood of an expensive security incident.
For crisis communications and the communication of cyber security and data protection issues, PIABO is the right contact. If you have any questions, please contact our Practice Director Hauke Gierow.
This article was first published in German at it-daily.net.