The Carrot & The Stick: How to Incentivize Employee Cybersecurity Training

Benji Sawyer
May 6, 2021

Cybersecurity standards in a post-Covid world are changing. Without the safety of having all of your employees under one roof and behind one firewall, it can be difficult to protect against threats. With employees working from their home Wi-Fi networks, coffee shops, and other locations outside the office, your data becomes increasingly vulnerable. We’ve already discussed how your biggest cybersecurity threat comes from your own employees, and thus how important standardized employee cybersecurity training is, but how can you actually promote cybersafe actions among your employees in a way that lasts? By using psychology 101, of course!

The Stick

When we talk about the stick, we’re not talking about punitive measures. As we’ve mentioned, most cybersecurity breaches aren’t intentional; they simply come from uninformed actions. Your employees may feel that a data breach would impact the company but not themselves personally, so cybersafe measures seem more a nuisance than a necessity. One way to heighten the stakes is to remind your employees that data breaches affect the whole company. Leaked access to company accounts and information could have financial ramifications that affect company 401k programs, bonuses, and even the very stability of the business itself.

The Carrot 

Positive conditioning works much better than aversive conditioning, so what better way to make cybersafe actions stick than by gamifying them? It can seem corny, but an office leaderboard can be a good motivator in changing habits and behaviors. By incentivizing cybersecurity among your employees with games and contests, you will be associating their cyber-awareness with a positive response. The best example of this is simulating phishing attacks so employees learn to identify and avoid techniques frequently used in phishing emails. Other games can include a last-man-standing elimination game to see who never leaves their computer unlocked when they get up from their desk. 

Turning Cybersafe Actions Into Habits

So, what are we using the carrot and the stick to encourage? Basic cybersafe tips you should encourage among your employees include: 




Data Storage

Social Media


The Limits to Internal Cybersecurity Training 

Know your limits, though. Over-securing your company data can backfire if the requirements are too high. Cybersafe measures that are too restrictive will lead to a kind of rationalization of noncompliance among your employees. For example, having your employees change passwords weekly will lead to passwords being written on post-its in plain sight. So, by having employees understand the reason for the security protocols, and enacting protocols that make sense, employee compliance and engagement in cybersecurity will increase. 

Many of the examples we gave are simple ways to “up your cybersecurity.” But you don’t want cybersecurity to become your full-time job. To ensure your business is protected against internal and external threats, your business needs a comprehensive cybersecurity plan. What does this look like? Well, that depends on the size of your business, your industry, and your specific needs. But don’t worry -- we can figure all that out in just a phone call or two. 

For more tips on employee cybersecurity training, or to find out if you have the right cybersecurity plan in place, reach out to us at Sawyer Solutions!
