3 Things You Need to Know About Cybersecurity Communications
January 10th, 2023
If the cost of cybercrime were measured as a country today, it would be the 3rd largest in the world—inflicting damages worth $6 trillion globally in 2021 alone.
This will continue to increase as cybercrime is set to become one of the most lucrative revenue sources for organized crime. The early days of 2023 have already seen well-planned attacks on the Guardian newspaper and the Royal Mail in the UK, the latter by a suspected Russian-linked ransomware gang.
Most IT professionals are taking proactive steps to prevent cybercrime and mitigate the risk of a cyberattack occurring. But 95% of cyberattacks are caused by human error.
Teaching basic skills like using stronger passwords, identifying potential scams, understanding when an attack may occur, and more can dramatically limit the risk of a cyberattack occurring. And the best way to spread awareness is through excellent employee communication.
To help businesses understand how internal communication can help prevent a cyberattack from occurring and reach employees if a cyberattack does occur, we hosted a webinar with Tom Meade, Head of IT at Poppulo, and Ann Cronin, Key Account Director at Poppulo.
If you have time, check out the full executive brief of the webinar here—or keep reading for the quick takeaways.
1. Why Cybersecurity is a Business Problem
We’ve already stated the global cost of cybercrime—and that cost continues to grow. Cybercrime is expected to cost the world $10.5 trillion annually by 2025. And it can hit companies of all sizes, from small firms to Maersk—the biggest shipping container company on the planet.
With more employees working from home today, the threat of a cyberattack is even more extreme. If an employee isn’t on the organization’s network or is using a personal device, there’s a greater chance of them leaving an opening for a cybercriminal to gain entry.
Cybersecurity is a company-wide problem, and a strategic, company-wide approach is needed to prevent a cyberattack from occurring. The first step is to understand how a cyberattack can occur.
2. How Cybercriminals Gain Entry
Here are a few of the ways cybercriminals gain entry into an organization’s system:
- Phishing: Attackers send fraudulent messages via email or text message, hoping the employee clicks on a link that causes malware to be downloaded
- Baiting: An attacker tricks an employee into plugging a device into the computer, compromising the system
- Pretexting: Manipulating an individual into sharing sensitive information
- Email Attachments: Voicemails, e-files, PDFs, or docs attached to emails that infect your device
- Zero-Day Vulnerabilities: A vulnerability that has been disclosed in a system but not yet patched
- Man-in-the-Middle Attack: An attacker interrupts an existing conversation to intercept data
- Denial-of-Service Attack: Flooding or crashing a system to shut down the machine, making it impossible to access resources
While many of these cybercrimes can be prevented by IT departments, there are also measures employees can take to help limit the chance of an attack occurring.
Employees should always be prepared to upgrade their devices when IT releases a patch, and to use highly secure passwords or multi-factor authentication when possible.
The best way of ensuring that employees know what they can do to prevent a cyberattack is to include it in your communications plan. Let’s look at what Internal Communication teams can do before, during, and after a cyberattack occurs.
3. How to Communicate Before, During, and After
Before:
Businesses should communicate thoughtfully and frequently to make sure employees are always taking the right precautions to prevent a cyberattack.
Work with employees to make sure they understand the best time to upgrade their devices, and ensure they’re aware when a critical patch is released. Employees should be prepared for these conversations, and work with IT to safely upgrade.
When communicating to employees about cybercrime risk, make sure the content is relevant for them and available on the channel that they prefer.
Continue to measure how employees engage with your comms, and share the quantifiable impact on the business. Get HR involved by including cybercrime awareness as part of onboarding and continuous training for employees.
During:
When an attack occurs, you should immediately isolate the network or system where the attack occurred, then figure out what needs to be communicated.
Know the right message to put out and which departments should be involved, and don’t under-communicate, which leaves room for employees to fill in the gaps themselves. Using a platform like Poppulo Harmony can help you reach all employees instantly on every channel, in a safe and secure way.
After:
You should always take the time to reflect on what was learned from a cyberattack, and share additional preventative and educational content with employees.
Communicate the scope of the breach and ensure all employees know how to handle media queries, if they occur.
Employees and customers want you to communicate honestly and thoughtfully—especially if their privacy is at risk. Be consistent and clear, and ensure customers know how this affects their service.
With the right communications and response plan in place—and the right tools to action that plan—you’ll be prepared to keep employees aware and informed of the measures they should take during, before, and after a cyberattack.