How to win a gold medal with your security awareness program
To win the gold...a corporate security awareness program aims to make all the employees understand and appreciate not only the value of the company's information assets but also the consequences in case these assets are compromised. In theory, the process is straightforward and painless. But as every IT/security manager knows, in real life, an awareness program can be a huge headache - especially in a large enterprise.
How do you plan correctly when implementing a security awareness program? How do you determine what tools will be effective in your organization? And...how do you create a winning program that wins a gold in terms of making everyone aware?
A couple of simple rules:
1. Do the training yourself - ensure that you do your research. Understand how employees use the syetms and for hat purposes, who has access to what and why? Understand the dynamics of your organization. Be well versed on the policies, goals and initiatives within your organization that might impact the program.
2. Get executive buy-in - without the right buy-in you will not succeed...period.
3. Create a focus group - get individuals from each department involved in the process so they can help you to build the right messaging and communicate effectively to the different groups within the organization.
4. Communicate, communicate, communicate again - use different techniques to get the message across. Be succinct and clear in all communications used and ensure that a regular frequency is maintained throughout the year.
5. Above all...make it FUN! In general, people are frightened about security breaches and risks. Try to remove the scary aspect by getting them involved.
6. Lead by example. Act swiftly and communicate rapidly if a security incident occurs. Ensure you are adhering to the policies within the organization and take every opportunity to communicate and reinforce the awareness message.
We would welcome your input into this conversation. Let us know what methods you have used to get that additional "edge" to create a wining program.
How do you plan correctly when implementing a security awareness program? How do you determine what tools will be effective in your organization? And...how do you create a winning program that wins a gold in terms of making everyone aware?
A couple of simple rules:
1. Do the training yourself - ensure that you do your research. Understand how employees use the syetms and for hat purposes, who has access to what and why? Understand the dynamics of your organization. Be well versed on the policies, goals and initiatives within your organization that might impact the program.
2. Get executive buy-in - without the right buy-in you will not succeed...period.
3. Create a focus group - get individuals from each department involved in the process so they can help you to build the right messaging and communicate effectively to the different groups within the organization.
4. Communicate, communicate, communicate again - use different techniques to get the message across. Be succinct and clear in all communications used and ensure that a regular frequency is maintained throughout the year.
5. Above all...make it FUN! In general, people are frightened about security breaches and risks. Try to remove the scary aspect by getting them involved.
6. Lead by example. Act swiftly and communicate rapidly if a security incident occurs. Ensure you are adhering to the policies within the organization and take every opportunity to communicate and reinforce the awareness message.
We would welcome your input into this conversation. Let us know what methods you have used to get that additional "edge" to create a wining program.
Comments
Post new comment