Key considerations before enabling Employee Risk Scores

The Employee Risk Scores & Engagement Dashboard is designed to empower our customers with managing and mitigating their employee cyber risks effectively. By combining different risk factors, the risk scores provide insights to enhance cyber security awareness and readiness for our customers.

However, there are some key considerations to think about before enabling risk scores for your organisation.

Functionality Considerations

New end user home page

A new end user home page design will be accessible once you enable any of the risk score settings. This will include notification icons for outstanding content, quick access buttons to see view certificates, user reports and the ability for users to update their profile. 

If you decide to enable the Admin and End User Risk Dashboard, a tile will appear to show end users their current risk score while also providing suggestions on how to improve this. 

End users will be asked to enter their preferred departmental training

On login, after enabling risk scores, end users will be asked to select a department that best matches their role; this question is mandatory. At the moment, we provide a default list of the most popular departments. As this is not customisable, if their related department does not exist, users can simply select 'Other'.

This information will be used to populate the department charts within the Admin Employee Risk and Engagement Dashboard. We also plan to use this information in the future to suggest customised learning content that's related to their department.

Organisational Considerations

Ethical Considerations

  • Consider the ethical implications of using employee risk scores, particularly in terms of individual privacy, autonomy and fairness.
  • Consult with relevant stakeholders, including legal and HR departments, to ensure that the implementation of the feature aligns with the organisation's values and ethical principles.

Data Protection, Transparency & Trust

  • Clearly communicate to employees how the risk scores will be generated, how they will be used, and who will have access to them.
  • Be transparent with employees about the purpose and methodology behind cyber risk scoring.
  • Provide clear criteria and the metrics used to calculate the risk score, so that employees understand how their behaviour contributes to it and how they can reduce their risk scoring.

Employee Education and Training

  • Empower employees to take ownership of their cyber security behaviours and understand how their actions impact the organisation's overall security posture.
  • Ensure that you continually deliver eLearning training and provide support to employees so they can improve their cyber security hygiene and reduce their risk scores over time.

Accountability and Responsibility

  • Clearly define roles and responsibilities for managing and monitoring employee risk scores within the organisation.
  • Hold employees accountable for not adhering to cyber security policies and procedures, but also recognise and reward positive behaviour and contributions to security.
  • Avoid using risk scores as the sole basis for disciplinary actions or performance evaluations, as this can create a culture of fear and mistrust.

 

For further information on Employee Risk Scores, please refer to the following related articles:

Back to all articles