Back to all blog posts

How to win employee participation in cybersecurity

In any cybersecurity program, as with a privacy program, the team leading the program relies on the cooperation and participation of the average employee. Here are some tips for getting employees involved in efforts sparked by the occurrence of Cybersecurity Awareness Month.

How to win employee participation in cybersecurity

Automate processes

Any new process that can safely be automated should be—within reason and budget limitations. Automation largely takes the pressure off the typical employee, who has a full-time job and deadlines to keep up with while also following the business’s privacy and security procedures. It’s the responsibility of the business to train and equip employees to fulfill their obligations.  

There are several automated functions that will help improve cybersecurity and maintain the confidentiality, integrity, and availability of data without any effort from most employees. A few examples here include automatic software updates and automatic phishing blockers. Automatic software updates will ensure that employees update their software as needed for any reason, including but not limited to bug fixes. Providing the ability to postpone the update will also allow employees the agency and freedom to choose a convenient time.

An automatic phishing blocker installed in the business’s email application will spare employees from falling victim to convincing phishing attacks and save them from needing to recognize and report every phishing attempt. This definitely shouldn’t replace cybersecurity training but be added to support the training. Employees need training to catch anything the blocker misses. It may bring some relief to employees if they see the use of an auto-blocker featured in their cybersecurity training this year.

A few of these types of functions may require one-time or even regular effort by the employee, such as setting up an automatic cookie blocker on an internet browser. Providing time that allows the employee to take the required steps will also help encourage their participation in the activity. This could look like a deadline set a few weeks in advance or a calendar block during which employees will all complete the steps together.

Simplify authentication requirements

Some cybersecurity best practices, such as authentication security, seem to be the antithesis of efficiency because of the number of steps required. There are several minimally disruptive options that free up mental capacity for other tasks.

Multi-factor authentication can and should require just two sign-in steps. While in one respect this may be adding a second step for employees to complete, the business can select a provider whose system is user-friendly and potentially requires MFA only when using a new device or unknown network. 

Password managers can free employees from the burden of remembering multiple long and complicated passwords required by strong password management. Requiring a strong password without providing a password manager may lead employees to use unsafe password practices like writing down their passwords or reusing passwords. In selecting a vendor, keep in mind their security practices and history of cybersecurity events.

Relate cybersecurity to home life

Cybersecurity Awareness Month may be the month when the latest training or awareness activities are rolled out to employees.

Included in any good training are real-life examples that go beyond the office. Informing employees on cybersecurity issues in their daily life, not just those at work, will motivate them to learn by making it personal.

Training and awareness activities for cybersecurity can and should describe safe practices while working from home. While the lines between home and work life are often blurred for remote workers, it will be easy to teach employees secure practices that benefit them even when they’re clocked out. This will not only improve learning but also adoption of security practices.

In measuring the potential return on investment from cybersecurity efforts, it’s important to count the benefits to be made on employees in all areas of their lives, not just their job performance.  

Reach out to Privacy Ref with all your organizational privacy concerns, email us at or call us 1-888-470-1528. If you are looking to master your privacy skills, check out our training schedule, register today and get trained by the top attended IAPP Official Training Partner.