    6 Steps to Improve Staff Security Awareness

    Sarah Perry, CEO, SnapComms


    Most of us would like to think we could easily spot a scam email. That we’d smugly press ‘delete’ when a fake antivirus software alert, or another heart-wrenching foreign scam story, lands in our inbox.

    Think again

    Increasing numbers of U.S. workers are being drawn into the digital devil’s lair. Average annual losses caused by cybercriminal activities now exceed $7.7 million per organization. And in the past three years, cybercrime costs have quadrupled: by 2019, they are projected to reach an astounding $2 trillion.

    With digital services at the heart of almost every business function nowadays – think marketing automation, customer relationship management, and system logistics – the responsibility no longer rests with the IT team alone.

    Every employee has a duty to know the risks and exercise caution when working online.

    But how can you get staff to play their part? How can you teach them about the latest scams? And how can you prove your efforts have actually prevented a ‘scam-tastrophe’ for your organisation?

    There’s no better time to rethink your internal communications approach and go beyond the out-dated “all staff” email.

    1. Know what you’re up against

    Phishing emails (that contain a link or attachment to launch malicious code into a network) continue to be the worst offenders, accountable for more than 90 percent of attacks. Keep up to date with the latest scams by checking the FBI’s list of Common Fraud Schemes. Decide which ones are most relevant to your organisation then develop a timeline for communicating each topic, ideally allowing 4-6 weeks for each one.

    2. Tailor content to different audiences

    Nobody is immune from a phishing attack. This means that awareness learning must be as relevant to the C-Suite as it is to the most junior member of staff. Once you’ve prioritised your topics, tailor content according to roles using hypothetical scenarios. For example, the C-Suite is at an increased risk of being targeted with what appears to be a genuine email from the Finance team. This email is requesting authorisation to pay into a known supplier’s account – although the bank details are different. Other staff are at risk of receiving email scams that impersonate senior executives.

    For instance, if the CEO’s email is john@example.com, the spoof email’s address could replace the letter ‘l’ in example with a capital ‘i’ so that it looks the same, i.e. john@exampIe.com. Recreate what this email could look like (see next point) to demonstrate just how sophisticated these scams have become.
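The look-alike address described above can also be caught mechanically at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it folds visually confusable characters to one form and compares the result against a list of trusted domains. The character map, function names and sample addresses are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small map of look-alike characters (an assumption
# for this example; production checks use the full Unicode confusables data).
CONFUSABLES = {
    "I": "l", "1": "l", "|": "l",                   # capital i, digit one, pipe
    "0": "o",                                       # digit zero
    "\u0430": "a", "\u0435": "e", "\u043e": "o",    # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c",                   # Cyrillic er, es
}

def skeleton(domain: str) -> str:
    """Fold a domain, as displayed to the reader, to a look-alike form."""
    text = unicodedata.normalize("NFKC", domain.strip())
    # Map confusables BEFORE lowercasing: lowercasing 'I' yields 'i',
    # which would hide exactly the substitution the article describes.
    folded = "".join(CONFUSABLES.get(ch, ch.lower()) for ch in text)
    return folded.replace("rn", "m").replace("vv", "w")

def sender_domain(address: str) -> str:
    """Return the part after the last '@', tolerating stray whitespace."""
    return address.rsplit("@", 1)[-1].strip()

def classify_sender(address: str, trusted: set[str]) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address."""
    domain = sender_domain(address)
    if domain.lower() in trusted:
        return "trusted"
    if skeleton(domain) in {skeleton(t) for t in trusted}:
        return "lookalike"      # differs from a trusted domain only visually
    return "unknown"

TRUSTED = {"example.com"}       # the organisation's own domain (from the article)
SAMPLES = [                     # constructed sender addresses
    "john@example.com",
    "john@exampIe.com",         # capital i in place of l
    "john@examp1e.com",         # digit one in place of l
    "john@ex\u0430mple.com",    # Cyrillic a
    "john@example.org",
]

def report() -> dict[str, str]:
    return {addr: classify_sender(addr, TRUSTED) for addr in SAMPLES}

if __name__ == "__main__":
    for addr, verdict in report().items():
        print(f"{verdict:10} {addr!r}")
```

Senders classified as lookalike are good candidates for quarantine and for use as screenshots in awareness material.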

    3. Simulate a phishing attack

    An effective way to ascertain how phish-prone your employees are is to simulate a phishing attack. These test emails should be designed to look legitimate, but with some subtle tell-tale signs (e.g., an unfamiliar URL address in hover state or grammatical errors).

    Those individuals who take the bait and click on suspicious links are candidates for further security awareness training (and follow-up simulated emails). Note: if you do not have resources in house to set this up, there are third-party suppliers who specialize in simulated phishing.

    4. Take a campaign approach

    It’s unlikely that employees will fully grasp what’s required of them based on a single communication. Messages that stand a chance of getting through and understood are those that are highly visual, delivered in different formats and are repeated over time – the same way many of today’s biggest brands reach out to us with their advertising.

    Follow this communication practice by creating a series of ‘drip’ messages which are released in short, sharp bursts. This bite-size approach makes it easier for employees to consume information and builds momentum quickly. By varying the channels – such as video, screensavers, tickers, alerts – you’ll be covering all bases, appealing to all ages and learning styles.

    5. Engage using modern communication tools

    Employees have become accustomed to consuming rich media content in their private lives, and expect the same in their working lives.

    Depending on your objectives, you may want to kick-start a campaign using high-impact tools. To raise awareness and get security information noticed, on-screen tickers and desktop pop-up alerts sent direct to employees’ screens are powerful formats that bypass email completely. These are also useful for urgent messages, warning employees about a new security threat, breach, or malicious email that’s just arrived in their inbox.

    Links to further information, such as the company Intranet or a training video, can be included in these channels.

    Screensavers are the ‘surprising star’ for message reinforcement, acting as a silent but ubiquitous message reminder. Gamification tools, such as surveys and quizzes, are also effective at engaging employees, especially once a competitive element is included (e.g., “Which team/employee detected the most suspicious fake emails this week?”).

    6. Validate training

    Towards the end of your campaign, get proof that staff are more aware of security issues by conducting a quiz. Their responses indicate whether they have understood the training, and reveal knowledge gaps for further coaching. For evidence of behavioural change, consider sending a validation message, asking the employee to comply, acknowledge, and confirm their understanding.

    Getting your message through to employees and developing a security-aware culture will only work if there’s a solid, ongoing communications plan in place. This critical part often gets overlooked, but it can actually deliver the most gains in preventing cybercrime. The bottom line is everyone has a responsibility to be aware of the cyber risks today.

    Established in 2007 and based in Melbourne, Australia, SnapComms helps organisations get employee attention by offering a range of integrated tools that bypass email, helping them communicate more effectively with their employees.
