106 Communications - Cyber Security & Data Protection

Cyber Security and Data Protection

The importance of employee communication to better protect your organisation and your people. Instilling good behaviours within your workforce, in cyber security and data protection.

“ All hackers do is look for openings and there’s openings in every company... It always comes down to the human element. There is no technology, there never will be any technology, including AI, that can defeat social engineering.” Frank Abagnale Jr

Communicating to colleagues about the importance of cyber security and data protection at work cannot be underestimated. Cyberattacks have more than doubled since the pandemic. At the same time, we are seeing “an epidemic of scams”. Any organisation operating in many different jurisdictions will already know the complexity of data protection legislation and compliance. Maintaining the integrity of your systems and data isn’t simply down to the security you put in place; it is so dependent on the behaviour of your people.

Protecting your organisation and your people with better employee communications We are a specialist employee communications consultancy, helping a range of different organisations to instil good behaviours, improve employee engagement and effect change. We can offer you tried-and-tested employee communications, which can be tailored to your organisation and brand. We help organisations to turn policies into good behaviours, where colleagues aren’t simply being asked to follow a policy, but understand their role and responsibility, put that into action every day, and champion cyber security and data protection. There are a range of threats that colleagues need to be conscious of – and actively helping to prevent. • Phishing – While organisations may have great firewalls and cyber security in place, it can still all be undone by a colleague who clicks on the wrong link. • Password Security – So many of us can get into the habit of using the same passwords (or variations of), which can compromise our systems. • Device Security – Laptops, mobiles, tablets and other equipment are of course in danger of being stolen and compromised. • Acceptable Use Policy – Do all colleagues understand what is acceptable practice and what isn’t within the organisation? • Fraudulent Activity – The rise in scams can impact on key areas of the business; but it could also have serious consequences for individuals. • Data protection – Keeping data safe and secure is not just a job for the tech team; this involves everyone who touches a data-set. • Fake posts – Whether it’s fake news in an industry or even a fake film of a leader, it’s important to be vigilant to what’s real and what isn’t. We can help you make sure your people are aware of the risks, take the right action and support your cyber security and data protection plans.

Lessons from crime fighters Getting people to care about cyber security and data protection is not always easy. Even in a police force that should care. Nick Selby is a former NYPD police officer, now cyber security consultant, who tells a great story about how he helped to create a stronger focus on online fraud within the police department. Previously a lot of online fraud would not be investigated, because lines of investigation were quickly exhausted or simply not reported, because either they didn’t have the capability or desire to pursue. Selby helped to change the culture, through three key principles: Keep it simple. Cyber security can sound like something that is for someone else. NYPD knew that it had to be owned by everyone; but to do that, it had to make it straightforward and relatable. This was done in training sessions which had fewer than 20 slides and keep the message and action simple and accessible. Empower people. The categorisation of cybercrimes seems like a small thing, but it enabled the NYPD to see the trends taking place. It was by encouraging cops to allot crimes to categories that enabled better investigations. Show results. There was little awareness of the scale of online fraud – and even less of the success rates of investigation and conviction. By measuring cyber crime, the NYPD was able to reveal the size of the problem, as well as showcase examples of successful crime fighting.

The secret to instilling good behaviours in cyber security and data protection. Start with the why – outline the threat to the organisation, the financial and reputational issues, not to mention the impact it can have on colleagues. Create a narrative that drives a instils of urgency and importance. Clarity about your responsibility – for some people, it may be simply regularly updating passwords; for others, who are managing data or responsible for key information, it’s making them more aware of their everyday responsibility. Champions in the workplace – find the people who can advocate for cyber security and data protection, whether as experts or as supporters. They will encourage others to take the right action and follow the right behaviours. Nudge the behaviour – it’s always important to provide nudges to ensure the right behaviour, whether regular reminders or within a particular context (for example, stickers on your laptop or warnings within data-sets). Have a crisis communications plan – align your crisis comms to your recovery plans, ensuring timely and appropriate communications if the worst does happen.

Comms toolbox A toolbox of relevant assets to use across your organisation. Personas and comms mapping Mapping comms strategy according to personas, and specific context of organisation and its people. Workshop Half-day workshop to work through the challenges. Up to 3x calls with key stakeholders prior to workshop to provide context. A proven approach to employee communications

Workshop In the workshop, we bring colleagues from different teams and functions together to discuss the challenges and opportunities in cyber security communications. • Gain first-hand insights about cyber security • Engage a cohort of culture multipliers • Build ownership over cyber security

Persona and comms mapping Here, we define our persona groups and develop a comms map. • 6-12 month strategy development • Understanding of the personas, their desired channels and comms priorities • Every organisation will have their unique audience, but some example personas we find useful are: deskless, mobile units, office-based, high-risk, shift workers.

Comms toolbox A good comms project is geared towards sustainability. Our aim is to give you the tools and understanding you need to deliver for your people beyond our campaign. • A cyber security narrative founded in your experience with the longevity afforded by deep research foundations • An immediately recognisable visual identity • Assets from postcards to posters, briefing decks to website banners • Workshop essentials and practice scenarios • Advice on what to use, and where

Our expertise in action…

WWW.SGS.COM BE DATA SAFE Data Privacy is a priority for SGS. We are committed to protecting customer and employee data in all parts of our business, to retain their trust and confidence for the long term. Learn more on www.sgs.com/privacy #BEDATASAFE WWW.SGS.COM BE DATA SAFE In an ever-increasing digital world, we are committed to protecting customer and employee data in all parts of our business. That is why we have created 3 commitments and 9 rules to help guide us in the way we treat any personal data. Find out more on http://bit.ly/SGSBeDataSafe #BEDATASAFE WWW.SGS.COM BE DATA SAFE Data Privacy is a priority for SGS. In an ever-increasing digital world, we are committed to protecting customer and employee data in all parts of our business. To help everyone understand what this means, we have now launched an e-learning module for all employees. Find out more on http://bit.ly/SGSBeDataSafe #BEDATASAFE 1 2 3 4 5 6 7 8 9 ARE YOU DATA SAFE? BE DATA SAFE MAKING OUR COMMITMENT TO DATA PRIVACY Find out more on www.sgs.com/privacy BE DATA SAFE FIND OUT MORE ABOUT OUR GLOBAL DATA PRIVACY POLICY www.sgs.com/privacy SGS - Be Data Safe We worked with SGS’s data privacy team to develop a messaging playbook, for colleagues, managers and leaders - everything from briefings to digital assets, from video to escape room.

Always scan for scams f Be vigilant. Keep your data safe. Don’t let them take it. p don’t be password predictable. Strong and secure passwords keep your data is safe. Don’t let them take it. keep prying eyes locked out. e Stay secure and keep your data safe. Don’t let them take it. don’t go rougue on your work devices. y Be sensible when using your work computer. Off-the-shelf campaign Your very own off-the-shelf campaign ready to apply to your organisation and brand, and build around your specific needs. Just say the word…

The award-winning communications agency If you’d like to learn more about cyber security, contact [email protected] or call +447801235241