Canadian HR Reporter is the national journal of human resource management. It features the latest workplace news, HR best practices, employment law commentary and tools and tips for employers to get the most out of their workforce.
Issue link: https://digital.hrreporter.com/i/1257857
www.hrreporter.com 21 Also, use simple language and provide examples. IT teams may not necessarily have the skills to effectively craft employee communications, so HR and marketing teams can come together to design something that will resonate. Besides email, it's important to dust off baseline rules and policies related to cybersecurity, reinforcing with employees how critical it is to follow existing policies and procedures. This includes reminding them that things such as virtual private networks (VPNs) for accessing networks or using multifactor authentication (a combination of a standard password and another one-time key phrase) are crucial to keeping the company safe and protect their electronic devices. Password policies, the use of personal de vices for work purposes and access to social media sites are also worth reinforcing. Consider sending reminders from senior leaders to reinforce that cyber-hygiene is more than just an IT concern — it's critical to the successful operation of the business and an expected part of everyone's job description. And, as much as possible, reduce the opportunity for employees to circumvent Armies of workers have set up shop in their living rooms so the demand on IT systems has surged, making the task of beating cybercriminals harder. these requirements by simply building them into the system. Don't just train, engage Few organizations likely have the appetite or resources to launch formal training programs at this time. The good news is they don't have to. While many companies that specialize in cyber-security offer easy-to-access online training resources that can be easily leveraged, now might be an ideal time to get creative. T here are many forms of less traditional training methods that have proven to be very effective, and they can address challenges CISOs are facing in building a truly cyber-aware workforce: Just-in-time job aids: Instead of a manual or a link to a long document on a shared drive, work to bring together IT, HR and other internal marketing or communications resources to dev- elop a one-page snapshot that covers everything. This should be content that is easy to print and post near their workspace or to consult later. Capture everything in a Top 5 list or a graphical layout that makes it easy to consume and understand. Bite-sized learning: Avoid the "one big communication" approach altogether and consider breaking out learning into an always-on approach that doesn' t risk over whelming. Microlearning content can be delivered in a variety of ways, ranging from a modern learning management system (LMS) that pushes microlearning content to users to less formal means such as quizzes or a list of true/false questions. With the landscape changing so often, microlearning is easy to put together and more likely to be read, increasing the odds of retention and compliance. Gamification and competitions: A lot of teams are seeking ways to get together virtually, so introduce ways to rally 'round workplace culture. In this context, gamification may make sense. By engaging learners through fun activities that may even extend to team-based or friendly, competitive scenarios, training can be accomplished in a way that's fun and without people feeling like they are even being trained. One idea — work with the IT team to send out simulated phishing attacks and award points to employees who avoid it or who can identify all the various characteristics that mark it as dangerous. Since March, we have all had to learn how to adjust our lifestyles and implement social distancing to minimize the risk to our health and safety and ensure we don't put needless pressure on the health-care system. On that note, now is the time to help people understand the importance of cyber-distancing themselves from potential attackers. By taking advantage of quick, easy and engaging educational initiatives, we can go a long way toward helping IT teams manage this unprecedented challenge and ensuring we don't open the door to those who want to interfere with normal business operations. CHRR Derek Manky is the Burnaby, B.C.-based chief of security insights and global threat alliances for FortiGuard Labs at Fortinet. For more information, visit www.fortinet.com.