--- description: To address the challenges of cyber security for small businesses, we look at how to raise cyber awareness among employees and help prevent cyberattacks. image: https://gdm-localsites-assets-gfprod.imgix.net/images/capterra/og_logo-e5a8c001ed0bd1bb922639230fcea71a.png?auto=format%2Cenhance%2Ccompress title: 6 steps to promote cyber security for small businesses --- # 6 steps to promote cyber security for small businesses Canonical: https://www.capterra.co.uk/blog/818/6-best-ways-to-promote-cyber-security Published on 17/08/2022 | Written by Maria Genova, Eduardo Garcia. ![6 steps to promote cyber security for small businesses](https://images.ctfassets.net/63bmaubptoky/eG5zQGjYxl99-P2Hq3hNVYQG9QymE44JTz6g-p-qboU/1166f86a87111ddde4d20a8fa8267168/Cybersecurity-for-small-businesses-UK-CA-Header.png) > This article was originally published on 13/08/2019 ----- ## Article Content This article was originally published on 13/08/2019This article will explain the importance of cyber security and provide tips on how to promote cyber awareness and security for SMEs. In this articleHow can companies promote cyber awareness at work?1. Organise a cyber treasure hunt2. Explain the cyber risks in normal human language3. Reward reporting data breaches4. Use phishing test tools5. Choose practical and easy solutions6. Think of playful ways to raise awarenessIt is all too common in the workplace to go for convenience instead of safety. Yet even today, with so many passwords and logins, it is very easy to fall victim to cyberattacks. What’s more, many people are unaware of the risks that can ensue from links and attachments from emails. According to the UK Government’s 2022 Cyber Security Breaches Survey, four out of ten enterprises (39%) experienced a cyber security breach in the last 12 months. The shifts in work habits that have arisen during the COVID-19 pandemic may have made companies more vulnerable to cyberattacks. Even though businesses are gradually adjusting to hybrid models and remote work, there has been an increase in cyberattacks and ransomware attacks since the pandemic . While it is clear that cyber security is important for businesses, how can you raise data security awareness and encourage teams to optimise their cyber security measures?How can companies promote cyber awareness at work?There are different approaches to try to understand what does and does not work when it comes to cyber awareness training and information security. Posters with warnings about cyber security hardly seem to have any effect. Interactive lectures can rate highly, but small companies may not have the resources to invite speakers for small groups. On the other hand, large companies can’t reach out to a whole audience simply with presentations. So, here are six steps your SME can take to promote data security training in the workplace. 1. Organise a cyber treasure huntEveryone loves a game every now and then, and this one can be an ideal way to encourage online safety and educate staff on the importance of data privacy and data protection. In this treasure hunt, you hide at least 10 cyber security threats and let participants search for them. A USB stick with a possible virus, a mobile phone with a security code 0000, a file with personal data lying around on a desk, a forgotten document in the printer, a non-locked computer screen, etc. Not only will employees improve their security awareness, chances are they will probably find more dangers than the ones you had originally hidden. 2. Explain the cyber risks in normal human languageIT specialists often forget that ordinary employees do not have the technical knowledge to understand digital jargon. Employees may not understand the scope of clicking on a phishing email or using a weak password. However, the risks are palpable. Reported losses from cybercrime in the UK totalled £3.1 billion in the past year, but it isn’t only the financial losses and business disruption that affect companies who have fallen victim to cyber and ransomware attacks. Negligence can negatively impact whether future partners feel safe collaborating online with you due to reputational damages, and there can be legal consequences due to the loss of sensitive data.Additionally, hackers are increasingly trying to get into small companies as a stepping stone to attack large enterprises. Staff should be made aware of this, and the use of specially developed software for information security can do a lot to prevent unauthorised access to private data. However, employees must also receive awareness training and cooperate in ensuring online safety and responding to the challenges of cybersecurity. 3. Reward reporting data breachesShould you reward an employee that has participated in a data breach? Even though incentives seem to work, in this case, It seems hard to fathom. Nonetheless, a director decided to do that because she knew that many employees withheld data breaches, such as sending an email with personal data to the wrong person. When a few people received a small gift because they had quickly reported a data breach, word quickly spread on the importance of not withholding data breaches and that you will not be punished if it happens to you. Now a word of warning to those who think that this can result in a Pavlov-esque tendency to associate breaches with rewards: The idea here is to receive a gift for trying to limit the consequences of an error instead of keeping it a secret. Sometimes, companies discover after six months that they have been hacked because an employee clicked on phishing and didn’t find it necessary to point it out to the IT department, and these situations need to be prevented. 4. Use phishing test toolsOrganisations can test and practise their response to cyberattacks to see if their cyber awareness training is working or not. For example, mock phishing emails can be sent to staff once they have been educated on how to spot and report these types of emails. If an employee fails to flag the email to the IT team, it highlights the need for further training. These tools can focus on main cyber threats and can be sent in a safe environment as many times as necessary. Alternatively, staff can be educated through a presentation, an e-learning course, or even a cyber quiz. 5. Choose practical and easy solutionsStaff can be required to use complex passwords, but these can be easily forgotten or can result in predictable actions, such as adding a number at the end of a word or replacing the letter ‘o’ with a ‘0’. A password manager can store passwords that are difficult to remember, and many can also generate passwords. However, if using a machine-generated password without a password manager, ideally, employees should be given a range of options so they can choose a format they find easier to memorise.6. Think of playful ways to raise awarenessSpending money on expensive IT tools is throwing money away if employees don’t understand how hackers work. An example is someone who happened to be on vacation during a phishing email test. The holiday-maker saw the phishing email too late and emailed back: ‘I was not present last week; you can send the link again because it no longer works.’Use simple ways to train employees. If you don’t have the resources to create engaging educational videos about privacy and cybercrime on the intranet, there are other options. When a colleague has not touched their computer for a while, a screen saver with prevention tips could pop up automatically. The company app could also occasionally show a prevention tip about opening suspicious emails, sharing confidential information, or making fake payments. Looking for cybersecurity software? Check out our catalogue\! ## About the author ### Eduardo Garcia Eduardo is a Content Analyst for the UK. Providing research and digital tech tips for SMBs. MA in Journalism and in Diplomatic Studies. Animal loving, sea revering, Mancunian. ## Related Categories - [Compliance Software](https://www.capterra.co.uk/directory/30110/compliance/software) - [Cybersecurity Software](https://www.capterra.co.uk/directory/31037/cybersecurity/software) - [Endpoint Protection Software](https://www.capterra.co.uk/directory/30907/endpoint-protection/software) - [Network Security Software](https://www.capterra.co.uk/directory/30003/network-security/software) - [Vulnerability Management Software](https://www.capterra.co.uk/directory/31062/vulnerability-management/software) ## Related Articles - [A third of British SMEs fell victim to phishing attacks during lockdown](https://www.capterra.co.uk/blog/1537/cyber-attack-increase-in-phishing-due-to-coronavirus) - [What is ethical hacking and how can it help your business](https://www.capterra.co.uk/blog/1620/what-is-ethical-hacking-help-your-sme) - [Rapid application development: What it is and how to use it](https://www.capterra.co.uk/blog/2548/rapid-application-development) - [Tackling fake news: How can you preserve your e-reputation?](https://www.capterra.co.uk/blog/2769/how-tackling-fake-news-preserves-business-e-reputation) - [Smart cities in the UK: Balancing convenience and security for urban transformation](https://www.capterra.co.uk/blog/4185/Smart-city-habits-in-UK) ## Links - [View on Capterra](https://www.capterra.co.uk/blog/818/6-best-ways-to-promote-cyber-security) - [Blog](https://www.capterra.co.uk/blog) - [Home](https://www.capterra.co.uk/) ----- ## Structured Data