IT security and cyber safety tips for employees

The 7th of February marks Safer Internet Day, and in today’s high-tech climate, organisations need to protect themselves from cybercrime and comply with data protection and IT security legislation. Although Safer Internet Day’s focus is on students and young people, it’s an excellent opportunity for Irish organisations to increase cyber awareness in the workplace.

Cybercriminals have developed a range of tactics to infiltrate organisations – and organisations without an effective IT security strategy can be susceptible to hacking, fraud and loss of customer data. Insecure networks, untrained employees lacking cyber awareness, and poor IT security policies can lead to failing to comply with regulations such as GDPR, resulting in hefty fines and the potential for significant reputational damage.

Read our guide on how to demonstrate GDPR compliance.

Employees are often the weak link in IT security – 95% of cyber security violations, such as phishing emails, malware, and ransomware, result from human error. A holistic approach to cyber security awareness can help reduce the risk of cyber attacks.

Implementing an information security management system and obtaining certification in standards such as ISO 27001 and Cyber Essentials can provide a robust framework through a process-based approach to monitoring and improving IT security.


IT security – 8 cyber safety tips for employees

1. Lead by example

Cybersecurity requires organisational leadership to model excellent cybersecurity behaviours and foster a culture of IT security across sites, departments, teams and individuals. Senior leaders should lead by example, communicating with employees about maintaining cyber security awareness. Leaders should actively support employee training, provide an open-door policy for reporting security concerns, and actively enforce, monitor and report on cyber security metrics.

While a dedicated IT security role within an organisation is helpful, ensuring that employees are clear on responsibilities and tasks, with leaders accountable for their actions, can help embed good IT security practices.

2. Implement IT security training

Cybercriminals constantly discover new strategies to break into networks. It can be a good idea to conduct regular and up-to-date staff security training. Organisations should train all their employees in how to spot common security issues and scams, such as phishing emails, and what to do if they spot a problem.

Ensure that training is recorded and updated with new threats, with employees undergoing refresher training annually.

3. Create a culture of cyber security

Employees can view cybersecurity as a distant issue that doesn’t directly affect their day-to-day role. Consider creating a positive culture relating to cyber security, and ensure employees discuss and understand how IT security issues can affect the organisation, customers and their role in the process.

  • Put staff at the heart of all cyber security changes. Encourage employees to be a part of the decision-making process and ask them for regular feedback about which cyber safety techniques are or aren’t working.
  • Demonstrate how day-to-day actions can prevent breaches and the impact if something goes wrong.
  • Use real-world examples to demonstrate how social engineering can play out, such as when Dublin Zoo lost almost €500k after an employee unintentionally opened a phishing email that installed malware. Real-life examples help staff discuss and remember the importance of cyber security.

4. Make cyber awareness training engaging

Make training fun and lightly competitive; for example, run mock phishing emails to see whether staff can spot them, and reward those who do. Team exercises like this engage employees and help them retain important information.


5. Ensure clear communications

Ensure employees know how to report potential cyber security issues. Managers should give clear directions on where to report social engineering attacks. Consider using organisation-wide screensavers and desk drops with information on how to report a problem. Use tools such as a dedicated phishing mailbox, monitored by the IT security team, to which employees can forward suspected phishing emails.

Reward employees who spot and flag security issues and encourage employees to err on the side of safety.

6. Regularly change passwords

Passwords like “12345” or “qwerty” are used by millions of people globally and are easily guessed by cybercriminals. Passwords based on children’s or pets’ names are also commonplace and can be easily deduced from an employee’s social media profiles.

Encourage staff to use hard-to-guess passwords and enact regular password changes.

Creating a secure password is important to protect your online accounts from hackers. Here are some tips for creating a strong password:

  • Ensure employee passwords are at least 8 characters long.
  • Avoid using easily guessed words like “password” or your name.
  • Use a mix of letters, numbers, and symbols in passwords.
  • Avoid using the same password for all of your accounts.
  • Enforce a password policy of regularly changing passwords.
  • Consider 2FA (two-factor authentication), where an employee must enter a code sent to a device such as a mobile phone in addition to their password.
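As an added illustration (not code from the original article), the checker below enforces the rules listed above: minimum length, a constructed common-password blocklist, personal terms, a character mix, and a password-history check. The history check goes slightly beyond the list by also catching trivial rotations such as “Summer2023!” to “Summer2024!”, a habit that forced regular changes tend to produce; the blocklist and sample passwords are constructed for the example.

```python
import hashlib
import re

# Constructed sample blocklist; a real deployment would load a published
# list of common or breached passwords instead of this handful.
COMMON_PASSWORDS = {"12345", "123456", "qwerty", "password", "letmein"}


def _core(password: str) -> str:
    """Lower-case the password and drop digits/symbols so that trivial
    rotations (Summer2023! -> Summer2024!) share the same core."""
    core = re.sub(r"[^a-z]", "", password.lower())
    return core or password.lower()  # all-digit/symbol passwords keep themselves


def fingerprint(password: str) -> str:
    """Fingerprint stored in the password history. SHA-256 of the core is
    used here purely for illustration; stored credentials themselves must
    use a slow, salted hash (bcrypt, scrypt, Argon2)."""
    return hashlib.sha256(_core(password).encode()).hexdigest()


def check_password(password, personal_terms=(), history_fingerprints=()):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    # Names of the employee, children or pets that could be found on social media.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    # Exact reuse and trivial rotation both collide with a stored fingerprint.
    if fingerprint(password) in set(history_fingerprints):
        problems.append("reuses or trivially rotates a previous password")
    return problems
```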

7. Establish a no-blame culture

Employees may feel embarrassed or anxious reporting unusual behaviour or activity that could be part of a cyber attack, such as downloading malware or falling victim to a phishing email. Employees may worry about the repercussions of blame from management and colleagues if they are held responsible for the problem.

To establish a no-blame culture around IT security, make sure everyone understands that mistakes are part of the learning process. Employees should be encouraged to learn from their mistakes and to see them as an opportunity for growth.

Creating an environment where employees feel safe to speak up and flag issues is essential to IT security.

8. Encourage robust IT security when working from home

In the aftermath of the pandemic, more people are working hybrid or remotely, which can weaken an organisation’s IT security.

As part of training and risk assessments, assess home security set-ups, from home router firewalls and passwords through to whether other household members have access to work laptops and mobile devices. Consider 2FA for logging on to systems remotely, or deploy a virtual private network (VPN) to control network access.

Communicate with employees that work equipment is monitored, such as personal web browsing on organisation laptops, and outline processes and penalties for employees in breach of IT security rules in your employee handbook.

docallaghan