June 29, 2007: Apple introduced the iPhone, and workforce cybersecurity changed forever. 

Even the experts didn’t see the coming revolution. I hosted a cybersecurity event for CISOs in New York that evening. At one point, I walked through the audience with a mic asking CISOs to discuss challenges in protecting their organizations. One cyber exec mentioned the new iPhone, unveiled that afternoon. “No way that thing is getting access to my network.” 

I saw the same CISO at a follow-up event in September and had to ask how things were going. He admitted, “The next week, my CEO told me to set up his new iPhone so he could use it anywhere.” It was the beginning of BYOD and WFH…and the next stage of cyber chaos.

Here’s why it’s more complicated than ever to engage employees

The fact is that most employees are far more sophisticated about cybersecurity than in those pre-iPhone days. They’re worried about protecting their kids and their aging parents. Most are aware of cyber basics. They just need to be informed of the latest threats in a language they can relate to. 

Are you doing that? It’s interesting to note what the Wall Street Journal concluded this week. One of the main tactics cyber professionals use to inform employees about cyber risks — company-delivered phishing emails designed to test and trap employees — doesn’t work.  

“When it comes to actually getting employees to resist future phishing attacks, these campaigns aren’t that effective. While early research suggested that phishing simulations could reduce click rates on subsequent fake phishing emails by about 50%, more recent studies in more realistic settings and with larger groups found little to no improvement in click rates after mock campaigns were conducted.”

Here is the strategy you need to consider.

At Aware Force, we’ve seen how effective it is to build trust and confidence among your employees. Reward them for their action and interest and give them safe ways to communicate with your team. 

Case in point: twice in recent months, employees have used the form in our twice-monthly cybersecurity newsletter to submit questions that turned out to be alerts about genuine business email compromise schemes. In less than 30 minutes, the cybersecurity teams were able to squash the targeted phishing emails for one reason: employees felt safe enough to ask questions. 

What should your takeaway from all this be?

Simple: use regular communication with your employees to build a safe communication channel with your workforce. 

Engage your employees in cybersecurity all year long with content branded for your company from Aware Force. Check our Cybersecurity Newsletter page to know more or connect with us, and you’ll see why organizations across the US and Canada use outstanding cybersecurity content — branded for them — and delivered by Aware Force.