Getting Employee Buy-In on Cybersecurity

Having cybersecurity measures in place is an important step to protect a retirement plan, as well as those who serve as plan fiduciaries. But cybersecurity steps are at only half strength if management, the plan sponsor and fiduciaries are the only ones who implement and follow them, argues a recent article. Employees are key to the effectiveness of such steps, it says, and it suggests how to get them on board.

In “Seven Ways to Gain Employee Compliance on Cybersecurity Procedures,” the Forbes Technology Council argues that cybersecurity is “an absolute necessity” but that cybersecurity issues are exacerbated by staff members’ reluctance to follow such procedures. “Cybersecurity issues can develop when your staff members struggle with the rules set to keep everyone safe. People want to get their work done, and can be inclined to end-run around some onerous-seeming procedures, especially if they don't see any value to them,” the council says. “Getting complete buy-in from your employees,” they assert, “can be a challenge.”

The council has some recommendations regarding how to achieve such buy-in.

Employee Awareness. Training employees about threats to cybersecurity, as well as how it affects the business, will encourage employees to comply with cybersecurity steps.

Provide Regular Training. Ongoing or semiannual training, including discussion of liabilities and threats posed by failure to follow security steps, is “one of the best ways” to improve employee compliance, the council argues.

Make Security Something Employees Can Relate to. It helps to present cybersecurity in a way that shows how it affects not only the employer but also the individual employees.

Transparency. Being transparent in communications about internal security procedures will help create trust and confidence in protection of employee privacy.

Videos. Brief and entertaining videos can be very helpful in making key points regarding compliance with cybersecurity steps register with employees.

Make it Personal. One of the best ways to achieve buy-in, Andrew Blocksidge of MagnaFlow Exhaust Systems told the council, is to connect it to employees’ personal lives. “By educating the employees to be aware of risks that impact them personally, we have seen a reduction in phishing compromise and malware downloads,” said Blocksidge.

Simplicity. “Long policies and procedures will probably not get read and retained,” says the council.