
Ransomware, while not a new model for hackers, has certainly been wreaking havoc on businesses in 2016 – particularly in healthcare and financial services.

While your business’ data security program should consist of many components, perhaps the most effective defense against ransomware is building a culture of data security amongst your employees.

By nature, ransomware relies primarily on “social engineering”: baiting people into clicking a link in an email, or using some other method that ultimately downloads a malicious program onto the company network. Once on the network, the ransomware goes to work encrypting files or an entire hard drive, rendering them inaccessible, and then demands money in exchange for decrypting the data.

While there are certainly technology and protocols that should be employed to defend against ransomware, malware, and any other form of data breach, let’s start with the “people” factor as that is the vulnerability ransomware most frequently preys on.

Weakest Link

Chief Information Security Officers and data security experts agree that the weakest link in a company’s security chain is typically people. Businesses of all sizes should consider building a culture of data security by 1) Training, 2) Empowering, and 3) Incentivizing employees to be on guard for data breach attacks.


Offer employees interactive training resources, like seminars and webinars, as a benefit to help them protect their own personal data security. Employees who are more security-savvy about their own personal data safety are going to be great defenders of the company’s data as well.

This can be built into and marketed as an employee benefit along with common benefits like medical, dental, legal counsel, and more.


Upper management should communicate the danger of cyber-threats and the critical role every individual plays in protecting the business’ and customers’ data. Every employee should walk away feeling that cybersecurity is a real threat to them and their colleagues and that they are encouraged to be vigilant and report concerns to IT.

Incentivize (or “Gamify”)

One way companies can really solidify this culture of security is through gamification. For instance, consider developing a scoring system by which employees can report or forward suspicious emails to the IT security department. Should the email be a legitimate threat, points are given to the employee.

Awareness Leaderboard

The points can be displayed on a leaderboard for bragging rights, and they could also be exchanged for rewards once certain levels are achieved. It may sound silly, but if the rewards are appealing and the bragging rights are fun, that may easily be enough to make every single employee a security watchdog for your company!

Take Care of the Basics

Building a culture of security amongst your employees is one “cog” in your security system. There are many others.