Revolutionizing Employee Engagement in Cybersecurity with B2E

Robust cyber security lies in human alertness and participation as much as cutting-edge technology. 88 percent of data breach incidents are caused by employee mistakes[1].  

With email, social media, apps, and internal channels like Slack competing for employee attention, CISOs must be innovative in how they approach security awareness. Enter the Business-to-Employee (B2E) strategy. B2E regards employees not as passive recipients of information but as active, interested participants in your enterprise's cybersecurity culture: they are your cybersecurity heroes.

The B2E Model - A New Paradigm in Cybersecurity

B2E abandons traditional top-down approaches to communication and instead focuses on providing employees with personalized, interactive communications that resonate with Gen-Z. B2E treats employees as internal customers who deserve the same attention, respect, and tailored content the organization provides to its external customer base. The result is a more engaged workforce, better equipped to engage with cybersecurity challenges.

Tailoring Messages for Maximum Impact (the 3R)

Creating impactful content in cyber security awareness requires understanding your organization's unique landscape. Employees respond best to messages that are relevant, relatable, and resonant with what they do day to day, that reach beyond the company's boundaries, and that also address their families’ safety. B2E ensures that the content provided to members of your workforce also fits employees’ personal needs. Cybersecurity is now high-profile enough that most workers are aware of the basics and interested in ways to protect their jobs and themselves.

Better Reach by Using Various Channels

Smart leadership is tapping different channels, from walled social media to email newsletters and interactive web portals, to ensure employees of all demographics are engaged in cybersecurity awareness. A multi-channel strategy is necessary to ensure dialogue and engagement. Done correctly, this strategy works — employees appreciate the effort and think of cybersecurity professionals as subject matter experts who protect the enterprise.

Interactive and Engaging Learning Style in Cybersecurity

Training modules should be interactive and engaging. Some employees learn by reading, some by watching, and some by clicking. One-size-fits-all approaches are a waste. Innovative cybersecurity programs involve gaming, storytelling, and interactive features, including short-form videos and real-time quizzes. 

Bite-Sized Content to Combat the Forgetting Curve

Dropping a large amount of content all at once and refreshing it for months is ineffective. Cybersecurity content should be delivered in bite-sized sessions. Unlike many “left-brained” engineers, most employees respond to conversational, short-form content that is repeated often. Revisiting topics keeps cybersecurity top-of-mind.

Personalize the Content

The element of personalization is inherent in a B2E approach. Consider utilizing elements with your organization’s branding and include company-wide cyber initiatives that interest employees, like badges, profiles, and opinion polls. Personalized content that spotlights employee questions and experiences adds to the effectiveness of cybersecurity outreach.

Creating a Cyber Secure Culture

Ultimately, the aim of the B2E strategy is to enshrine cybersecurity awareness within the fabric of corporate culture. Open communication channels where employees can share insights and observations provide a sense of ownership of the problem. This is a huge opportunity for IT leadership to grow its influence because a cyber-aware culture is a resilient culture.

Evaluating B2E Initiatives for Success

To further evaluate the effectiveness of B2E initiatives, a second area of focus is to measure engagement and awareness. It's important to set up regular feedback mechanisms, initiate survey tools, and track metrics of engagement. And be prepared — the metrics will not always generate continuous improvement. Just as social media and other marketing channels evolve quickly, you will need to, as well. There will be plateaus in employee engagement, which will signal a need for your team to find new creative approaches. 

How to Deliver Next-Generation Results — for only five minutes of your time with a B2E strategy. 

Using a B2E approach in cyber security awareness is not an information-passing initiative but an avenue whereby every employee actively takes part as a custodian of your cybersecurity outreach. You want honest feedback, particularly when it’s hard for your team to hear. Encouraging and acting on that feedback is how you build a more engaged, informed, and resilient workforce.

At Aware Force, we deliver bespoke cybersecurity content. It’s topical, easy to understand, relevant material that employees love — and as a result, they frequently let IT teams know how much they appreciate the effort. The content is fresh, interactive, and customized for your organization. Best of all, Aware Force requires a very small time commitment from you and your team.

Our content empowers your employees to protect your organization, themselves, and their families. Aware Force is cost-effective and delivers measurable results that can be shared with senior management and the board.

If you’re settling for a “check the box” approach, check us out. Aware Force will turn your team into cybersecurity heroes. We pick up where your cyber security training leaves off, ensuring that your workforce remains vigilant and informed.

Check out our extensive cyber library and awesome cybersecurity news service — with multimedia content branded and tailored for you. 

Sources: 

[1] Stanford University / Tessian

Data privacy: 4 online retailers that are spying on your employees during work hours

“Every move you make, I’ll be watching you.” That 80’s hit from The Police might sound creepy nowadays, but it perfectly depicts how online retailers track “every breath you take.”

How much do you think your employees value their data privacy? The answer is probably not as much as you would hope for the sake of your network’s integrity.

According to the Pew Research Center, only 40% of internet users in the United States are worried about companies selling their personal data or people stealing their identity online. Top that with Americans becoming less knowledgeable about data privacy laws: 72% have little to no understanding. This is up from 63% in 2019.

Target’s Pregnancy Prediction Model

Here’s an example from 2013 that is even more relevant with modern behavior-tracking technology. Target, the 6th biggest retailer in the US, sent coupons for baby products to a teenage girl in the Minneapolis area. Her father was furious and complained to the store manager, who apologized. A few days later, the father called back to apologize himself. It turned out that his daughter was indeed pregnant, and Target had figured it out by tracking her online behavior, learning of her pregnancy before the family did.

This illustrates how retailers can use data to make assumptions about customers and how much information they collect. According to another study by the Pew Research Center, 91% of Americans feel that they have lost control over how their data is collected and used by companies. 

A report by The Atlantic found that online retailers track customers’ every move, from the products they browse to the items they purchase.

Employer-issued devices are being used for more than just work.

A study by IBM found that employees spend an average of 1 hour 12 minutes per week shopping on company-owned computers, a big concern for data privacy. This may seem like a small amount of time, but it adds up quickly, and it’s enough for retailers to collect a significant amount of employee data.

Proofpoint found that 25% of employees use employer-issued devices at home for personal activities like online shopping, gaming, and social media. There’s more: 55% of those users extend device access to family members or trusted friends.

How confident are you that your employees stay safe while surfing and shopping?

Are you actually aware that your staff is likely doing more than work-related tasks on company devices and potentially exposing a lot of personal and sensitive information?

What information is being collected by online retailers?

Online retailers are tracking their users’ every move. Collected data exposes sensitive information and increases vulnerability to phishing attacks.

So…what types of information are these companies collecting?

Here’s a look at the six biggest online retailers in the US and information they collect* from their users. 

Amazon

“Hi, Mr. Bezos. I know you’re listening.”

Amazon, the largest online retailer in the US, has a market share of 37.6%. They collect a wide range of data, including:

Amazon has been in the news several times for its data collection practices. In 2019, it was revealed that Amazon employees were listening to recordings of customers’ conversations with Alexa. In 2021, Amazon was fined $888 million by the European Union for illegally collecting and using personal data from its users.

Walmart

The second-largest online retailer, with a market share of 6.4%. They collect the following data:

Many have been surprised by Walmart’s use of facial recognition technology in its stores.

Apple

Claiming to be a privacy advocate, Apple collects the following from its users:

And Apple is constantly under scrutiny for its privacy policies, which sometimes seem misleading. 

eBay

The giant auction and marketplace seems to have no regard for data privacy, since it collects 28 data points in its Android app, making it the app that collects the most data from its users. Some of the data collected are:

eBay has also received a lot of backlash for sharing user data with marketers.

And as for just about all the other online shopping platforms:

This list goes on. If a retailer is selling merchandise, it is tracking shoppers’ behavior. The data collection is massive, and 3 out of 4 share this data with third parties.

Improving data privacy company-wide

Employees should be educated and reminded about how much of their personal information is being collected and shared and what it represents to them and their families. Online privacy is crucial, especially for corporations.

How often should data privacy be enforced in a company?

Do not wait until the next cybersecurity training session. Data privacy should be constantly reinforced company-wide through email or other internal media platforms.

Engage your employees year-round and turn them into cybersecurity heroes with content branded for you by Aware Force.

Our latest infographic about online privacy in 2024 includes eye-opening facts about how your personal information is used online, how users feel about that, and useful steps that can limit how much of your information is available to marketers.

We’re standing by to show you truly innovative ways organizations use Aware Force to engage their employees. (And the employees let them know how much it’s appreciated!)

It’s essential to be aware of the risks involved in online shopping and to take steps to protect your data. Stay safe out there! 😊

* Disclaimer: This article reflects the data and privacy situation as of the publication date. Online data collection and privacy practices may change over time. Please verify the current information before using or acting upon any of the content in this article.

Sources: Pew Research Center, Statista, Atlantic, IBM

Holiday-safe online shopping: 10 ways your employees can stay protected

Regarding safe online shopping, numbers are the best introduction I can deliver:

According to a study from the Ponemon Institute, 65% of employees admit to using their company computers for personal shopping at least once a week. Of those, 25% say they use their company computers for shopping more than once a day.

Astonishing statistics for holiday online shopping in 2023

It’s Christmas on the deep web as well.

Common Cyber Threats Faced by Online Shoppers

Online shoppers face increased cyber threats during December, including over 3 billion phishing emails sent each day:

Phishing scams and fraudulent websites: Cybercriminals create fake websites and emails that mimic legitimate e-commerce platforms, tricking users into entering their personal information and credit card details.

Malware and ransomware attacks: There is a 30% rise in attempted ransomware attacks during the winter holidays. Malicious software can be downloaded through infected links or attachments, compromising devices and encrypting data, with the attackers demanding a ransom payment for decryption.

Data breaches and identity theft: Experian says one in four consumers will be targeted by identity thieves. Data breaches compromise large databases of personal information, exposing individuals to identity theft, financial fraud, and other cybercrimes.


Give Your Workforce the Gift of Safe Online Shopping

To help your employees protect themselves from cyber threats while enjoying the convenience of online shopping, consider these ten essential tips:

1. Take the time to verify the website is the real thing — not an imitation.

Only shop on websites that you trust and recognize. Look for the padlock symbol in the address bar (https://) and check for security certifications.

2. Don't use your debit card for online purchases.

Your main debit card might give hackers direct access to your bank funds.

Opt for disposable credit card numbers or mobile payment apps, limiting the potential damage if your card details are compromised.

3. Avoid using public Wi-Fi for online shopping.

Public Wi-Fi networks are often unsecured, making them vulnerable to eavesdropping and interception of sensitive data.

4. Check out the seller.

Before making a purchase, research who is doing the selling. Check for online reviews and read customer feedback. You can also use a tool like the BBB Scam Tracker to verify the seller's legitimacy.

5. As always, be cautious about clicking links or attachments in emails.

Phishing emails often contain links or attachments that lead to malicious websites or download malware. Always hover over links to see the actual web address they will take you to, and never open suspicious attachments.

6. Keep the software on your computer and smartphone up to date.

Regularly update your operating systems, web browsers, and other software applications to ensure you have the latest security patches and protection against known vulnerabilities.

7. Be suspicious of products and posts on social media. 

Cybercriminals often use social media platforms to spread phishing scams, fake deals, and malware-laden links. Be wary of unsolicited messages, links, and attachments, and never click on suspicious promotions or offers.

8. Use a trusted password manager.

Create strong and unique passwords for all your online accounts, and consider using a password manager to store and manage your passwords securely.

9. It’s ok to lie on those shopping forms.

Avoid oversharing personal information on online forms or social media platforms. Only provide the minimum information required to complete a transaction or create an account. There’s no reason an online retailer needs to know your birthdate, cellphone number, or your mother’s maiden name. Lie in the form or omit information if necessary.

10. Got scammed?! Get revenge.

If you suspect you've been scammed, act promptly. Report the incident to your IT department, the Federal Trade Commission (FTC), your state's attorney general, or even the FBI.

One more thing about safe online shopping

Cybersecurity is a collective responsibility, and every employee plays a vital role in protecting your organization's assets and data. By equipping your employees with the knowledge, tools, and awareness they need to navigate the online shopping landscape safely and securely, you can significantly reduce the risk of cyberattacks and safeguard your organization during the holiday season and beyond.

Share this information with them.

And, if you need assistance educating your workforce and raising awareness about the risks of online shopping, look at our Cyber Library, where you can find cybersecurity resources branded for your organization, like our guide for safe online shopping.

Online shopping Awareness

Safe online holiday shopping

Help your team to be smart and stay safe when shopping online with this helpful PDF branded for your company. 

This PDF guide includes tips on how to:

  • Identify and avoid fake ads and websites
  • Choose trusted retailers
  • Evaluate online reviews
  • Pay safely and securely
  • Protect their personal information

See it in the Aware Force Cyber Library

Too busy to take care of your daily workflow to focus on educating your workforce?

Aware Force is here. We deliver timely, relevant content year-round — branded and tailored for your organization, reinforcing your team’s role as subject-matter experts.

Aware Force’s content is easy to use and ready to integrate with your existing cybersecurity programs.

It’s ideal for intranets, websites, internal social media, and your onboarding program.

We’re standing by to show you truly innovative ways organizations use Aware Force to engage their employees. (And the employees let them know how much it’s appreciated.)


Sources:
1,2,3,4,5: statista.com
6: capitalcounselor.com
7: darktrace.com
8: cybereason.com
9: National Fraud Intelligence Bureau (UK)

5 Reasons Why Your Cyber Security Training for Employees Falls Short

“The videos are so bad. I let it play in the background while I did something else because I couldn’t fast-forward through it.” “It’s the same stuff over and over.” “It doesn’t relate to what I do.”... That’s what your employees say about your cyber security training.

Is it frustrating? Are your readers grudgingly doing their quarterly cyber training to get it out of the way? It’s happening because you’re focused on checking the boxes — not what will engage the user.

This is a global problem because the stakes are so high. 9 out of 10 breaches still involve employee behavior. Trying to influence that behavior is a highly profitable multi-billion-dollar business. The biggest player in this space went public and is going private again — enriching its investors — but, seriously, have you ever heard an employee talk about how good it is?

Why do your employees forget their cybersecurity training by lunchtime?

Human memory is not designed for long-term retention of information, especially when it's not reinforced regularly. One-off cyber security training sessions fail to make a lasting impact. Without consistent reinforcement, employees gradually lose the knowledge, and 90% of it is gone within a week.

The effectiveness of a training program hinges on its ability to engage. Unfortunately, many cyber security training materials fail to capture the attention of employees. They’re bored with it. They’re checking the boxes, too. 

Here are five of the reasons why your cyber security training comes up short:

Reason 1: Repetition

The Problem

Repetition can be an effective tool for learning math and language, but too much leads to diminishing returns. An annual cycle of delivering the same material creates a sense of déjà vu among employees. They tune out.

How it Affects Employee Engagement

Employees disengage when training becomes monotonous and repetitive, leading to reduced information retention. The goal should be creating a “buzz” in your employees’ brains — “hey, wait, that doesn’t look right” — because cybersecurity will never be top of mind unless they’re on your IT team.

Reason 2: Boredom

The Role of Engagement in Learning

Engagement is crucial for effective learning. Engaged employees are likelier to pay attention, participate actively, and retain information if the content is relevant to their lives, current in its scope, and in language that’s easy to understand. Traditional cybersecurity training programs just don’t work that way. Lengthy, text-heavy presentations and dry technical jargon are boring.

Why Boring Training Fails to Engage

Boring training materials lead to cognitive dissonance—employees tune out the content. They struggle to connect with the subject even though they’re interested in it! Most employees care about protecting their employers and, certainly, protecting their families from cybercrime.

Reason 3: Irrelevance

The Significance of Relevant Training

Employees are more likely to invest in cybersecurity training when they perceive its relevance. Effective training should equip employees to protect company data and help them safeguard their personal information and families. Yes, workplace cybersecurity is the priority. But smart cyber professionals realize that content about protecting their homes and kids is a strong hook to get them involved at work.

Irrelevant Training Leaves Employees Disinterested

Training that lacks relevance feels like a chore. Employees who fail to see the practical application of cybersecurity principles will struggle to engage with the material. It is a missed opportunity to foster a sense of personal responsibility.

Reason 4: Forgetfulness

The Forgetting Curve Phenomenon

It’s a fact: we just don’t remember much of what we learn. The “forgetfulness curve” is a well-documented psychological trait. Information retention declines over time when there's no effort to reinforce learning. Employees may quickly forget the knowledge acquired during training sessions without periodic reinforcement.

Addressing Forgetfulness Through Spaced Learning

To combat the forgetting curve, cybersecurity training should incorporate spaced learning. This approach involves delivering information in smaller, spaced-out sessions over time. Regularly revisiting key concepts helps reinforce employees' understanding of security practices.

Reason 5: Lack of Application

The Need for Practical Application

Effective security training should extend beyond theory to practical application. Employees need to understand not just the "what" and "why" of security practices but also the "how." Employees may struggle to implement security measures in real-life scenarios without practical application.

Bridging the Gap 

To bridge the gap between training and practical application, incorporate real-life scenarios into your training. Interactive examples, quizzes, videos, and real-world stories can help employees develop the confidence to identify and respond to threats.

Solutions for Effective Cyber Security Training

It’s time to shake things up. By integrating strong content and promoting continuous learning, you can equip your employees with the knowledge and skills to defend against evolving cyber threats.

As you know, your employees are your strongest asset in the fight against cybercrime, and effective training is the key to unlocking their potential.

Cybersecurity training doesn't have to be boring, repetitive, or ineffective. To create engaging and impactful training programs:

How to Promote Continuous Learning

Encourage employees to adopt a mindset of continuous learning and self-improvement in cyber security. Aim to deliver relevant, snackable cyber security content at least once a month.

Most importantly, drop the tech talk

How Aware Force Delivers Next-Generation Results — for only five minutes of your time.

At Aware Force, we deliver bespoke cybersecurity content. That's timely, relevant material that employees love — and let IT teams know it without being asked. The content is fresh, interactive, customized to be relevant to you and your organization, and best of all, requires only a few minutes to send to your organization.

Our content empowers employees to protect themselves and their families at work and in their daily lives. Aware Force is cost-effective and delivers measurable results for senior management and the board.

You’re settling for a “check the box” approach when you could easily be delivering a solution that makes your team the cybersecurity heroes. We pick up where your cyber security training leaves off, ensuring that your workforce remains vigilant and informed.

Check out our extensive cyber library and our awesome cybersecurity newsletter — all branded and tailored for you. 

Cyber Monday Scams: How to Prepare Your Team for 3 of the Most Feared Threats

Get ready for a story about a cyber snowball of epic proportions:

2013. Sharpsburg, Pennsylvania. Leaves are getting rusty and falling from the trees, temperatures are starting to dip below the 50’s. It’s cold, with a gentle breeze outside. Autumn is looking great so far, and Thanksgiving is approaching. 

An employee from an HVAC company sits behind his monitor. Black Friday and Cyber Monday are right around the corner. So, he’s using some of his free time to browse the deals online.

He comes upon an ad for a discounted product, clicks it, and receives an email with a link. He clicks the link.

Unknowingly, he has clicked on a malicious link, infecting his computer with malware, allowing hackers to access his company's network. The attackers steal credentials and customer data, including names, addresses, phone numbers, and Social Security numbers.

This unspectacular event at a little-known company would wind up playing a major role in a devastating cyber attack, affecting millions of Americans and costing one of the biggest retailers sales and a decline in its stock price. Oh, and the CISO her job.

It so happens that this particular HVAC company was a contractor of Target, the US retailer with nearly 2,000 stores. After infecting the company’s network, the attackers expanded their target to the HVAC company’s customers, including Target itself, and were able to use stolen credentials from the contractor to gain access to Target’s network, seizing the personal and financial information of millions of Americans.

It’s the famous Target breach. Ultimately, cybercriminals were able to steal 40 million credit and debit records and 70 million customer records. In addition to reputational damage, Target’s net earnings dropped from $1.47 a share in the year-earlier holiday quarter to 81¢ a share.

The scenario for Cyber Monday 2023

A year ago, Americans set a new record for shopping online, spending $11.3 billion on Cyber Monday, more than any other shopping day that year.

Look for a new record this year. By some estimates, consumers in the US alone will spend $13.7 billion online. Last year, the average American spent between $113 and $147 on Cyber Monday.

What cyber threats to look out for during Cyber Monday 2023

Here are three of the most common Cyber Monday scams to keep in mind this year and how to spot and avoid them: 

Fraudulent websites and online stores

Criminals create fake online stores or spoof real ones. These websites — often online for only a matter of hours — are designed to steal personal or financial information or to trick users into buying non-existent products.

How to spot and avoid fraudulent websites:

Fake delivery scams

Fake delivery notifications or order confirmations are sent to shoppers, claiming an issue with the shipment: a delay, a missing package, or a fee. The scammers then ask the shoppers to click on a link, call a number, or reply with personal or payment information to resolve the issue.

How to spot and avoid fake delivery scams:

“Too good to be true” Ads

They will be all over social media and blogs: flashy ads with impossibly low prices. Often, these ads take the user to fake websites. 

How to spot and avoid fake ad scams:

Other scams to keep in mind

A few other scams that you can expect to hit the online shelves this autumn are:

How do you keep employees alert and protect the company?

Cybersecurity awareness is crucial during the holidays. Creating and maintaining a cybersecurity awareness program is challenging and time-consuming.

Right now, organizations should engage employees with helpful, time-sensitive content.
