Despite an increased awareness of information security threats, organizations continue to fall victim to intrusions and data breaches every day. Businesses both large and small are affected, regardless of industry. The cost of information security crime is expected to exceed $6 trillion globally per year by 2021, effectively doubling in just a six-year period. While there are undoubtedly many reasons for this, one common denominator is a lack of institutional knowledge about information security and how to effectively implement safeguards.
There’s also a resource issue; demand for skilled information security professionals outweighs supply. It is estimated that the number of open information security jobs will triple by 2021, reaching 3.5 million unfilled positions.
As threats continue to evolve, a strategic approach is critical. Because every employee in the company has some responsibility for the company’s information security, messaging is critical.
Employees Need to Understand the Big Picture – And How They Play a Role
When communicating with employees, it’s important to make sure they have a big-picture view of the information security threats your company faces. However, it is equally important to make sure they understand their roles and responsibilities in helping to protect company data and customer information.
Messaging for both employees and senior leaders should be clear, and in terms they will understand – not technical jargon.
Key Points to Include in Information Security Communications for All Employees
When crafting a communications plan, start with a high-level overview of why your organization has adopted an information security program. Your messaging might include some or all of the following considerations:
- Your technology resources play a critical part in processing the information your business uses and relies on every day. Protecting this information is paramount.
- When IT systems are breached or when a loss occurs, your company may lose revenue, and may lose its competitive edge.
- Breaches can result in lost business and lost productivity.
- Significant breaches could result in negative publicity and lost clients, and could potentially lead to layoffs or loss of employment.
- Attackers are motivated and sophisticated, and they use the latest technology to exploit vulnerabilities.
It’s also important to make sure employees understand that technology, by itself, will not guarantee the security of your company’s systems. Employees at every level of the company help protect data by understanding and following your IT and information security policies.
Communicating with Managers
When it comes to communicating about information security with the senior management who control the company’s budget and direction, there is no room for errors or miscommunication.
Knowing your company’s leaders can help you communicate more persuasively with them, as can speaking in business terms rather than in technical terms. Simplifying your message, and clarifying understanding, can help you make sure your company’s leaders grasp the importance – and essence – of your messaging.
Messaging Should be Continuous
Finally, don’t make the mistake of thinking you can communicate information about your company’s information security program once and be done with it. Effective messaging is both regular and continuous. Intrinium provides social engineering testing and assessment work that can help keep your messaging on track.
At Intrinium, we help businesses with all aspects of their information security programs, including consulting on messaging and communications. For more best practice tips and to learn more about how we can help your business remain vigilant against information security threats, contact us online, or call us at 866-461-5099 today.