How to Improve Employee IT Security Awareness


Employees struggle with IT security awareness. Grayson Kemper, Senior Content Developer at Clutch explains why organizations need to turn to their company’s HR to help create a strategy that encourages employee recognition of IT security policy and compliance

How aware are your employees about IT security threats to your company?

Your company’s IT services represent your primary security endpoints. As more business processes fall under the purview of IT services and operations, the more valuable IT security becomes to your business.

Unfortunately, hackers and other external IT security threats recognize the value of your company’s IT services.

With malicious, external cyber threats looming, your company needs to be prepared for IT security attacks both externally and internally.

It’s crucial for your company to remember that your employees represent a significant part of your security apparatus. Depending on the circumstance, your employees can either serve as a security asset or liability.

To strengthen your company’s IT security, you need to use human resources to format a strategy to invest company resources toward educating and preparing your employees for an increasingly severe IT security landscape.

This article examines the current state of IT security awareness among employees and outlines how human resources can help educate employees to become security assets, rather than liabilities, for your company.

Current State of Employee IT Security Awareness

Employees currently struggle to recognize IT security threats to their companies.

In fact, employees do not consider IT services as the most vulnerableOpens a new window area of their companies. Rather, they identify physical theft of property as the biggest threat to company security, rather according to recent research from Clutch.

In addition, employees at all levels lack a comprehensive understanding of their companies’ IT security policies. Recent research from CyberArkOpens a new window determined that nearly half of employees are not fully aware of their company’s policy, including one-third of company decision-makers.

What Can HR Do to Encourage Employee IT Security Awareness?

Each one of your employees needs to understand the importance of your company’s IT services.

**The best way to encourage IT security awareness among your employees is to establish strong compliance training programs for all employees**.

Many businesses have IT security compliance training and requirements in place, but often fail to actually connect with employees about the aspects of security policy, or security threats, they struggle with.

For example, low-effort policy entails sending out periodic emails that remind employees to update security software, passwords, or require them to acknowledge security policy. While these efforts are better than nothing, they make very little actual impact.

This is where HR needs to step in. Human resource needs to work with company IT to ensure that your company’s policy and compliance are communicated to employees in a consistent and effective manner.

In particular, policy compliance training and updates need to be included as part of employee onboarding. Each employee, regardless of position, should be introduced to your IT security policy during onboarding.

Your security onboarding program should cover three areas in particular:

  1. Details of policy: The areas of the business that your IT security policy covers (i.e., required software, password requirements, points of contact)
  2. Compliance training: How to follow company IT security policy and security best practices. This training needs to include how to respond in the case of a cybersecurity breach.
  3. Threats to IT services: Outstanding threats to your company’s IT services and security, and how to protect against them. Your company should also discuss security incidents of the past to give insight on how they were handled and reflect on how to handle such incidents in the future.

These areas of focus are not exclusive to new employees. Compliance training and security updates should continue on a consistent basis to maintain an educated employee base.

Be Creative About Encouraging IT Security Awareness

Human resource needs to be creative about how they can encourage IT security awareness and policy compliance.

Incentivizing employee interaction with security policyOpens a new window is one approach for your company to experiment with to motivate employees to engage and understand IT security.

One example of how to incentivize IT security is through running email phishing tests. For example, you can send out a test phishing email, and those employees that properly identify and report it are given a small prize like a gift card or an added hour of PTO. 

**The possibility of incentives fully engages employees in your security operations, since they have a personal stake in secure behavior**.

Invest in Your Employees to Strengthen IT Security

If your employees are educated about policy and compliance best practices, they represent assets to your company’s IT security.

Currently, though, employees struggle to understand their companies’ IT security policies and compliance. As a result, they represent security liabilities to their companies.

To curb this issue, human resources needs to collaborate with IT to encourage active employee engagement with the security policy through creative solutions like incentives for policy compliance.