teissTalk: Help your colleagues help you with an enhanced security awareness programme

Views on news

There are three different ways security leaders and their teams can empower their organizations to better protect against cyber threats. As agentic AI adoption is increasing at breathtaking speed, the first step is to create visibility. Establish a way to monitor AI to see what it’s accessing, which users are using it, and what they’re using it for. The job in 2026 should be about moving the few levers that bend risk fastest under real-world constraints: require routers, VPNs, and firewalls to produce forensically capable logs and prove you can pull them. In the AI era, where adversaries weaponise automation to embed malicious content or bypass traditional defences, organizations cannot afford to treat file transfers as routine infrastructure. Harden identity, especially where friction pays. Make phishing-resistant MFA mandatory for admins and all critical systems. Shorten token lifetimes and bind sessions to devices. Take advantage of encryption, access policies and auditable trails that demonstrate accountability. 

The article makes a good case for why those trying to raise cyber awareness should ensure their language is not too technical. In fact, there is much more to cybersecurity than the technical side of it. 

Making cyber security sexier

If you attach a message to someone’s personal life, they will get more receptive to the idea, and it will land more permanently – this is how the human brain is programmed. Talking about family and children’s cyber security can serve as a topic that eases employees into cyber awareness programmes. Cyber incidents also offer great opportunities to improve cyber hygiene by, for example, explaining leadership how they can protect personal data on their LinkedIn profile to minimise the risk of social engineering attempts. Reframing cyber security as digital safety may also boost the efficacy of programmes. Similarly to marketing, metadata could be used to better time cyber awareness campaigns, factoring in how the value of a message is degrading in time. You can bring the message to platforms that employees use on a regular basis with memes and short videos on Teams or Slack. 

You can measure the success of campaigns with metrics such as how much time employees spend reading a message, how many colleagues they’ve shared it with. Measuring the level of understanding the message is trickier. But from an educational perspective, understanding is just the second of the six different layers, the deepest one being creation. 

The panel’s advice

• Tell not only the complex story of the criminal but the simpler success stories of the individual employee too.
• The method cyber security professionals should use to get the message across is multi-channel marketing – delivering the same message repeatedly through different communication channels and formats.
• Former hackers can be the best marketers for cyber security, as they have a full understanding of all the techniques used in engagement psychology.
• Think of your employees as your clients and have a reciprocal conversation with them.