How policy acknowledgement reduces cyber risks
- Amber Oakes

Cybercrime is a continuing threat to every business, both large and small. It’s not going away any time soon, and arguably we’re on the cusp of a new wave of issues as generative AI presents new opportunities for cybercriminals.
The damage from cybercrime can be devastating for a business. A ransomware attack can lead to everything from lost revenue due to disrupted operations to significant damage to reputation, which can be very serious if you handle customer data. Similarly, data breaches caused by hackers lead not only to reputational damage but also to huge GDPR-related fines: for example, British Airways and Marriott have both received GDPR-related fines of over 20 million Euros each.
Taking active measures to reduce the associated risks of cybercrime has never been more important. While there are some technical approaches that can help, much of the approach that businesses need to take rests in driving awareness of cyber risks among employees and ensuring employees take the right actions. This is because so many cybercrimes happen due to employee actions, with cybercriminals seeking to exploit vulnerabilities and trick employees into giving up sensitive data, frequently using approaches such as phishing.
One tactic that makes a significant difference is ensuring that employees understand your cyber policies and procedures, detailing the do’s and don’ts that can help reduce risk. The only way to ensure that your employees are reading and digesting a policy is to get them to acknowledge they have read and understood a policy. Testing them with additional questions can also check that understanding is embedded.
In this post we’re going to explore the role that employee policy acknowledgement plays in reducing cybercrime and how automated policy management software can help.
The importance of having cybercrime policies
Policies and related procedures and guidelines are an important part of organisational life that help reduce risk, increase efficiency, ensure consistency, guide decision-making, set expectations around behaviour and more. Policies represent the “official” line around processes to follow, how to act in certain circumstances and also define what shouldn’t be done.
Policies around cybercrime are particularly important – not only because of the severity of the risk – but also because employee actions are often a reason that cybercriminals succeed.
Policies relating to cybercrime could cover topics such as:
- Use of specific applications at work.
- Use of unauthorised software for work purposes (shadow IT).
- Use of laptops and mobile devices (device management).
- Spotting phishing emails and similar scams.
- Sensible password management.
- Using workplace technology at home.
- Handling customer and employee data.
- Reporting a suspected cybercrime.
- What to do when there has been a cybercrime.
- New and emerging threats.
- And more!
Policies around cybercrime must reflect emerging threats
Another issue is that cybercrime is a fast-moving area. New threats are continually emerging. With generative AI, deep fakes are starting to become a threat, making it even easier for criminals to spoof communications, for example from a CEO.
Emerging threats require additional vigilance, meaning policies will need to be updated accordingly. Employees will then also need to be made aware of any policy updates, and it is imperative that these updates are fully understood.
Challenges around achieving employee policy acknowledgement
Unfortunately getting employees to acknowledge they have read and understand a cyber-related policy or update to a policy is difficult, making it significantly harder to reduce the chance of a cyber attack.
Common challenges include:
- Employees are already overloaded with information, and even though they are important, policies aren’t always the most interesting documents to read, so it can be hard to get their attention.
- Sometimes version control isn’t consistently applied so there can be multiple versions of cyber-policies in circulation, causing confusion and a lack of engagement.
- There is no way to see if an employee has actually read a policy, with teams sometimes relying on email to send reminders, for example, and tracking everything on a spreadsheet, which is highly inefficient and prone to errors.
- Updates in policies are very easy for employees to miss.
The role of automated policy management software in reducing cybercrime
Automated policy management software can help overcome many of the challenges around employee policy acknowledgement by facilitating the process, using automation to drive efficiency, and doing much of the heavy lifting. In this way it can help with efforts to reduce the risk and impact of cybercrime.
Let’s explore some of the features of a robust policy management solution like Xoralia.
Supporting employee policy acknowledgement via attestation
Policy management software offers a straightforward way for employees to acknowledge mandatory policies. Employees get easy access to a particular policy through a central hub and are asked to confirm they have read and understood it via an electronic confirmation or signature. This provides evidence and a digital record that they have done so. Reminders via email notifications can also be set.
To make policy acknowledgement as easy as possible, the Xoralia solution is based on SharePoint, meaning policy acknowledgement is easily accessible to anyone within your organisation who has a Microsoft 365 account. It also means policies can easily be found and accessed at any time.
Using targeting for different roles
Different roles may have different exposure to particular cyber risks. For example, some customer-facing staff or staff who work remotely might have special considerations to make about how they handle client data or secure their home wi-fi. A good policy management solution should be able to target particular groups to read particular policies. This will include new starters required to read cyber policies as part of their onboarding process.
With Xoralia, you can target the employee attestation process to different groups based on Microsoft Entra ID profiles, for example.
Providing effortless access to the latest policies
Employees must only have access to the very latest, up-to-date policies. This is extra important with cyber-related policies as it is an area which is both fluid and fast-moving, and policies may be frequently updated. A policy management solution must have robust document versioning in place.
Using quizzes to reinforce learning
Although employees will acknowledge that they have read and understood a policy, adding quiz questions about the policy can help ensure that understanding is reinforced and embedded. Not every policy management solution has additional quiz capabilities, but within Xoralia the “quiz builder” feature means you can create custom questions, set pass marks and more to ensure employees are familiar with critical cyber policies.
Analytics and reporting
Good policy management software has comprehensive analytics and reporting on the employee attestation process, allowing teams to keep track of who has confirmed they have read a policy. Additional reminders or interventions can then be made, ensuring full compliance and creating high awareness of cyber risks.
Using employee policy acknowledgement to tackle cybercrime
Cybercriminals are continually trying to trick employees into giving up their data. The more aware your employees are of cybercrime and the things they can do to reduce the associated risks, the less likely it is that criminals will succeed.
Having robust policies in place and an accompanying employee policy acknowledgement process will make a significant difference – all made possible by policy management software like Xoralia. Why not book a free demo to see how Xoralia can help you reduce cyber risks?
The story behind Xoralia
Xoralia was built by the team at Content Formula, an intranet and digital workplace consultancy that has built SharePoint intranets for some of the world’s most famous companies. Now, most companies want their policies and procedures on the intranet but they don’t just want to store them there, they also want tools to help better manage them. Over the years we came across just about every single requirement for a policy management system. As the article above explains, there are gaps in SharePoint and so we never built what in our mind was the perfect policy management system.
However, one of our clients challenged us to build something for them that filled all the gaps but still used SharePoint at the back end. We had a great relationship with them and agreed to share the budget to do this, provided we could then market the solution to others. That was in 2019. We’re now on version 3 of Xoralia and the product has grown and evolved a lot.
3 benefits you can expect from Xoralia
Make it easy to find policies
Centralised policy library with powerful search and filtering.
Reduce administrative burden
Automations and notifications so that all policy tasks are carried out on time.
Demonstrate compliance and best practice
Sophisticated tracking and dashboards to drive and measure compliance.
And lots more!
What our clients say

AppSource review
A great time saver and tool for document management

Tim Galer
IT Coordinator
Hughes
Ideal partner for our regulated environment

Adam Lythgoe
IT Manager
LifeArc
How to get started with Xoralia
Step 1: request a demo
Fill out our form and we will be in touch to arrange a time. You can even book a time yourself.
Step 2: get a price proposal
If you think Xoralia is for you ask us for a quote. This will set out any options you may have.
Step 3: install and launch
We’ll install Xoralia in your environment (or you can do it yourself). We’ll provide training and support to get you up and running quickly.
Here's what you'll get
- Central policy library
- Search and filter tools
- Mandatory read policies with attestations
- Quizzes
- Notifications and alerts
- Employee dashboard
- Line manager dashboard
- Works on mobile, in Teams and SharePoint
- New policy creation workflows
- Policy update workflows
- Review and approval gates
- Policy version history
- Compliance dashboard
- Audit trail
- Full reporting
And last but not least:
- Professional implementation service and support
- Evergreen software – frequent updates and improvements
- Comes with our "it just works" support warranty – we’ll fix any bugs, often before you even notice
Ready to get started?
Connect with us to streamline your policy management and ensure effortless compliance.

AppSource review
Uniting excellence in integration and features for seamless policy management

Rian Stuart
IT Manager
TwinStream
