top of page

Five measures to put in place today to keep your employees safer online

Everyone in your organisation is responsible for cybersecurity. You can avoid being the victim of a cyber-attack if your employees are encouraged to learn about cyber security risks and follow measures that are there to minimise the risk of a cyber security breach. Check out the suggestions below to learn how to keep your workplace secure online, as well as how to strengthen your organisation's cybersecurity defences and reduce risk.

Thorough training that's interactive and relevant

The single most important way to keep your employees safe online is to educate them. This requires more than just an online seminar, or a document to read through and tick. Employees, and this includes the management team, need regular reminders of the real dangers of cybercrime and the frequency of attacks on businesses. So it’s your responsibility to make sure the training is interactive and relevant to them, and not boring! You want your employees to be actively engaged with it for maximum effect.

No blame culture around reporting

Simply put, a no-blame culture recognises that mistakes do occur in the workplace and encourages employees to report them so that they can be corrected as soon as possible, without the risk of individuals and their actions being blamed. Instead, the emphasis is on developing a highly aware workforce capable of identifying issues and mistakes and enabling the organisation to address and avoid them in the future.

Policies and protocols to follow

It’s important to make sure that there are policies and protocols in place for your employees to follow. A cybersecurity policy is a written document that includes behavioural and technical instructions for all employees to follow in order to protect themselves from cybersecurity incidents and ransomware attacks.

In the event of a cybersecurity incident, the policy comprises information regarding a company's security policies, processes, technical safeguards, and operational defensive measures. When drafting your company's cybersecurity policy, keep the following in mind:

  • Company-wide password requirements

  • Specific email security measures

  • Explain how to manage sensitive information.

  • Create guidelines for dealing with technology.

  • Adopt some regulations about online behaviour and social media use.

  • A strategy for responding to a cyberattack.

A clear set of rules and standards for each of these will help with the development of a successful cybersecurity policy that’s simple to understand, and necessary for maintaining a strong cyber approach.

Business continuity plans

Business continuity planning entails identifying potential threats to an organisation that could have a substantial impact, mitigating those risks where possible, and making preparations to ensure that essential business processes can continue in the event of an incident.

A cyber security business continuity plan (also known as an incident response plan) can help your company to identify a variety of cyber threats and outline ways to prevent or reduce incidents as much as possible. It should also include a description of the steps that should be followed to minimise interruptions during and after a cybersecurity incident.

The benefits of an incident response plan or cybersecurity business continuity plan include:

  • decreasing business disruption by providing defined steps, actions, and responsibilities

  • using enhanced knowledge of cybersecurity risks to prevent incidents from occurring.

A company can also ensure compliance with regulators and GDPR by preparing incident responses ahead of time. Are you convinced you’ve taken every step possible to protect your organisation?

Make yourself a hard target and get trained in security awareness today. Contact us to learn more.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page