
How to Get Employee Buy-In on Your Cybersecurity Plan

Trisha Ross | 29-09-20

Cybersecurity is no longer optional in today’s business environment. Businesses of all kinds are depending more on technology, and when you factor in the fact that so many companies are now operating remotely, that dependency only gets greater. Our assertion in discussing ‘Business IT Security Solutions’ — that every business, big or small, needs multiple layers of cyber protection — has never been more accurate or relevant than it is today.

Company leaders generally agree that cybersecurity is essential today, but there are still challenges in bringing it about. Some of these challenges involve the actual process of choosing and setting up protections. These should be addressed independently and according to need by each individual business. Another significant challenge, however, is getting employee buy-in on newly implemented cybersecurity plans. Employees won’t always be keen to embrace new policies if they come with inconvenience, or if they’re not properly explained. But without employees on board, a cybersecurity plan will be incomplete.

With that in mind, we’re going to cover a few helpful ways to get employee buy-in, and fully implement your digital security.


Explain the Threats

The first key step in getting employee buy-in on cybersecurity is to explain what the risks are in the first place. This typically means starting with the basics — such as compromised passwords leading to information theft, and so on. However, it also means staying up to date on the latest threats, and conveying them to employees. A Medium post on cybersecurity threats in 2020 lined up a few of those particularly modern concerns, such as social engineering attacks, IoT-based vulnerabilities, and ransomware, to name a few. And these are the types of topics you’ll want to go over with employees. When they understand the threats, they’ll generally be more likely to pay attention to possible solutions.


Contextualise the Threats

This is something of a side point. But as you explain the threats, it’s also important to discuss how they can negatively impact the business. In other words, don’t just tell employees that IoT attacks are possible. Explain also what such an attack might lead to, and how it might set the business back in a way that could affect everyone involved. This extra layer of understanding can further compel employees to take cybersecurity seriously.


Focus Your Efforts

This is an idea that was suggested in Verizon Connect’s post on getting employees on board, specifically with regard to new tech tools. But the same idea certainly applies to cybersecurity measures. As that post put it, a “flood of new stuff” all at once can overwhelm employees, whereas a focus on the most critical technologies is more likely to hold their attention. That doesn’t mean you should wait too long to implement a total cybersecurity plan and a full range of IT solutions. But breaking things down into steps or stages, and helping employees to get used to a few important security tools, measures, or procedures at a time, will be more effective than trying to do it all at once.


Be Transparent

While it’s important not to overwhelm employees with too much information all at once, you also want to be fully transparent about what cybersecurity measures you’re implementing and how they might change things. Employees are most receptive to change when they trust their companies, and you can ensure that trust is in place by being open and proactive about sharing changes.

Putting cybersecurity measures in place can be a delicate and gradual process, particularly in larger companies. But it’s absolutely essential that employees be included as part of that process. A Harvard Business Review look at cyber threats revealed that the most common issues actually arise from within. Sometimes this is a result of malicious actions — but more often than not it’s due to inadvertent actions or human error. These are things you can hope to avoid specifically as a result of getting employee buy-in.

Get Your Employees To Buy In

So how can you actually get your employees to buy in on cybersecurity? We'd suggest taking the ideas presented above and turning them into direct action.

First and foremost, find a way to explain the cybersecurity threats to your business in a way that won't aggravate or confuse employees. This can be done through a memo, but ideally you should find a more engaging way to communicate. Concisely convey the main risks your business faces and why they should matter to employees. This lays a foundation for your employees to be more attentive to solutions.

Next, you'll want to choose a small handful of cybersecurity measures to focus on first. With a foundation of understanding established, you'll be able to implement new measures without raising the alarm or exasperating workers. As for what these new measures may be, it depends somewhat on your business and the risks associated with it. But they can be anything from new, more stringent password requirements, to business VPN use, to two-factor authentication for company software access, and so on. Getting just a few safeguards like these in place will make your business more secure, and will give employees easy ways to contribute to the effort.

From that point forward, just remember to be transparent! As more security concerns arise, or you seek to implement new measures, communicate them concisely, honestly, and effectively. Employees who have already been led to understand the risks and assist with simple safeguards will at that point be more receptive to further changes.

That's essentially how you bring about a buy-in through a process, rather than a sudden shift in requirements or expectations.

If you’re unsure whether an upgrade is due soon, or for any of your IT solutions needs, feel free to speak to your account manager. For new clients interested in joining the Qbit family, please reach out to our sales team on 6364 0600.