Educate your staff about online security
Help your staff stay aware of the online security risks your business faces, and how they can play a part in keeping your business information secure.
Why it matters
Many types of online attack target businesses through their staff — using phishing campaigns, for example. Educating your staff about the security risks your business faces increases the chance they'll follow required security steps – and that they'll be able to spot attacks and report them ahead of time.
How to protect your business
-
Run awareness campaigns
If you’re working to improve your business’s online security, consider running an awareness campaign for your staff to let them know:
- why cyber security is important
- what you’re doing to keep the business secure online
- what this means for them and what you need them to do.
There are all sorts of activities you can run as part of a campaign. You could:
- get a cyber security specialist in to give a presentation to staff
- put articles about cyber security on your intranet
- run quizzes
- add screensavers to staff computers
- get some t-shirts printed to use as competition prizes
- hand out desktop or table cards with cyber security tips on them
- highlight cyber security on your internal social media channels.
These are all activities that we’ve seen work well — but you may have other ideas for activities better suited to your staff.
Some good topics to cover include:
- how to create and manage account passwords
- how to identify a scam or phishing email (and what to do with it)
- social engineering
- safe online browsing
- social networking
- data protection
- data destruction
- managing mobile devices
- what to do if your business experiences a cyber security incident.
-
Use CERT NZ resources
We run a national awareness campaign every year, called Cyber Smart Week. The theme for the campaign changes each time, but it’s always focused on good practices to help individuals become smarter about online security.
We create resources for each Cyber Smart campaign that businesses can download and use in their own campaigns, like:
- images for use in social media
- articles for newsletters or messages to staff
- posters.
Resources
-
Protect your business onlineProtect your business online [pdf, 159 KB]
-
Online security risk assessments for businessOnline security risk assessments for business [pdf, 483 KB]
-
CERT NZ's critical controls 2022CERT NZ's critical controls 2022 [pdf, 769 KB]