Tuesday, 19 September 2023

How to encourage staff to report suspicious cyber activity

Your staff have a key role to play when it comes to cyber security. This includes encouraging them to report any suspicious cyber activity. Find out more:

Your staff have a key role to play when it comes to cyber security. This isn’t limited to helping them understand and recognise common attack vectors – it must also include encouraging them to report any suspicious cyber activity.


Here at Grant McGregor, we’ve written extensively about what part your staff can play when it comes to cyber security. It’s exactly why we offer staff cyber security training for our customers – so you can ensure your staff can recognise suspicious activity and common attack vectors.


Why it is important that staff report suspicious cyber activity

We know that when a cyber-attack happens, it’s important to act quickly in order to limit its effects. This means that if staff click on a dodgy link or download a virus you need to know about it. 

While you might have security monitoring tools in place which will pick up on unusual traffic or block access to blacklisted websites, they are only part of the story. Your staff can also play a key role in helping identify potential threats – boosting your ability to respond quickly to them. 


Why suspicious cyber activity doesn’t always get reported quickly

While it is easy to see why clear and quick reporting of suspicious cyber activity is desirable, it can be more difficult to achieve in practice. Staff are inevitably reluctant to come forward when they perceive that they have done something wrong or might be accused of doing something wrong.

That’s why one of the biggest challenges when encouraging staff to report suspicious cyber activity is cultural. Yes, processes will play a part – but establishing a blame-free culture is fundamental to success.


How to establish a blame-free reporting culture

A 2022 report by Gigamon stated that 88 percent of the cyber security survey’s global respondents believe there is a blame culture in the cyber security industry.

We know that this blame culture prevents people from coming forward and reporting malicious and suspicious cyber activity.

So how can you change this culture? The first step is to make sure staff understand why they should report any concerns – no matter how trivial – swiftly. According to the UK’s National Cyber Security Centre (NCSC) one of the key motivations for swift reporting of suspicious cyber activity is to “make sure cyber security lessons are learned to protect yourself and help prevent future attacks for everyone.”

Investigations into cyber security problems should be open and transparent with a clearly defined process. It’s important that the emphasis is put on fact-finding and that any investigation is not seen as a “witch hunt”. Avoid blaming individuals – focus on the issues as a learning incident.

This won’t only help to establish a better reporting culture. It’s also the best way to find and fix the root causes of the actual incident – whether that be through training, additional technology, or fixing broken processes.


Make processes simple to further encourage reporting

To encourage staff reporting, the process of reporting must be as transparent and as simple as possible. 

Make it as easy as possible to swiftly report an incident. Offer multiple routes so staff can report quickly in the way that is easiest for them – perhaps via a Microsoft Teams app, a SharePoint form on your company Intranet, an email address and a telephone line into your IT helpdesk.

As well as making it easy for staff to report an error, concern or problem, it’s also important to get the back-office processes right as well. Any incident reports must be followed up quickly by a member of staff with the right cyber security expertise. This way, reports are investigated quickly and remedial action can be taken quickly if required.

Any follow-up actions taken should be shared with the staff who made the original report. This transparency adds credence to your system. Without reports being actioned quickly, the onus to report any future issues or incidents will quickly dim.


Education and communication support your culture and raise awareness

As well as putting the right processes in place, you need to ensure that these simplified processes are communicated to staff – so that everyone in your organisation knows exactly how to report a suspicious cyber incident or mistake.

Celebrate swift reporting in your security communications and company Intranet. This way, you can reposition the people who report errors and problems as the heroes rather than as being part of the problem.


Report suspicious activity to the NCSC

When your business has investigated and identified suspicious cyber activity or cybercrime, you should report it to the UK’s National Cyber Security Centre (NCSC) at: https://www.gov.uk/guidance/where-to-report-a-cyber-incident 

If there is a data breach, you should also report it to the Information Commissioner’s Office (ICO) at: https://ico.org.uk/for-organisations/report-a-breach/ 

Communication with staff to inform them when you follow these processes will help to strengthen the positive culture around reporting.


Conclusion: how to encourage staff to report suspicious cyber activity

Encouraging staff to quickly report suspicious cyber activity requires a dual-pronged approach. First, to address the culture around reporting to ensure it is blame-free. Second, to optimise processes to make it easy to report suspicious activity and to ensure that any reports are quickly followed up and actioned.

This way, your staff can play an even greater role in your cyber-security defence and be part of the solution, rather than part of the problem.

What next?

If you’d like help or advice about any of the topics discussed in this article or about cyber security more generally, please get in touch with the Grant McGregor team. We’ll be pleased to help.

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us 

Further reading

You can find additional insights and perspectives on cyber security topics elsewhere on our blog:

•    What is a watering hole attack? 

•    Tips for successfully implementing a zero-trust approach to cyber security

•    Do your backups include this important information?

•    Cyber Crime on the Rise: how can you protect your organisation from it?

•    What are the risks of ChatGPT and large language models (LLMs)? And what should you do about them?

•    Is your business data at risk? Don’t take chances with old tech!