Hi all, here's my 50 cents to this discussion on how we made it, that our users are "awake" on cybersecurity, not a psychological approach, but a human, maybe "conservative" one: Our board of directors was very alarmed by cyber attacks at friendly companies in the immediate vicinity and urgently wanted an awareness solution for employees. SoSafe was implemented and we got the employees on board right from the start with backing from the top. Every email about new, current threats, special circumstances, etc. always includes a request to “pester” us with questions. The request to use the "SoSafe button" in Outlook one too many times rather than the crucial time too few has also led to colleagues now doing exactly that: it is better to ask IT first whether the link, email, website, app, etc. is "safe" BEFORE clicking. And of course we also help with problems with private devices as far as possible. The fact that the Management Board also personally checks that employees are doing the trainings and exerts gentle pressure via the department heads without getting angry has also led to employees seeing SoSafe as absolutely normal within a year. The success: Statistical rates far better than the industry average. And employees who now see IT as a friend and helper because we always have an open ear.
Hi Markus P., 🙏 Thanks so much for sharing your experience – really inspiring to see how you have made cybersecurity awareness part of your employees' day-to-day! The part where you said employees are encouraged to “pester” IT with questions – really stood out to me. It seems like you’ve built a culture where people don’t feel bad about asking, and where curiosity is actually welcomed. How did you make it truly okay for people to reach out? What did it take to create psychological safety in that sense? You also mentioned a strong top-down approach – how much influence do you think that had on employees? And do you think this cultural shift would have happened without it? The fact that SoSafe became such a natural part of everyday work routines - within just a year - is super impressive! 👏 Would love to hear from other members as well – Lea K. Sabrina H. Katharina K. Thomas B., do you see any similarities in your strategies? 👀
I think the most important thing is that we as IT are not above things and act as nerdy “gods”, as I have unfortunately seen in some companies. Yes, we also have rules and processes, but we also always have an open ear for silly questions and/or private problems, as long as it stays within reason. On the subject of “top-down”: our Management Board has a very clear and insistent approach when it comes to its wishes and ideas. This is absolutely the right thing to do when it comes to the safety of the company and the employees are on track accordingly. I think without this certain psychological pressure behind them, the whole thing would have come to nothing. Some will certainly say that this has nothing to do with the current, modern way of managing and responsible and self-determined users, but it helps tremendously here.
Thank you Markus P.! It sounds like the combination of structure (rules and processes) and openness (open ear for silly questions) might be one of the reasons why IT can be seen as an enabler, would you agree? Do you see a noticeable difference in "top-down" and "self-determination" amongst different teams (e.g. technical vs. non-technical)? 👀
Thank you for sharing this so transparently Markus P.! I am curious if other members have a similar top-down approach and if there are any questions from members even: Lea K. Constantin Z. Milan P. - looking forward to your perspectives as well 💭😊
