Friday, September 13, 2013

How To Develop Security Awareness?

Six Steps To Successful Security Awareness Training

If you schedule an event to teach people about Internet Security and make attendance optional, only about 5% of your entire office population will show up. And guess what: those 5% are probably the people who need it least.

Here are the six elements of a successful Internet Security Awareness Training Program:

  • Formulate a written Security Policy and make it easily available.
  • Each employee needs to read the document and sign it as an acknowledgment that they understand the policy and will apply it.
  • Give all employees a mandatory (online) Security Awareness Course, with a clearly stated deadline. It is highly recommended to explain to them in some detail why this is necessary.
  • Make this Security Awareness Course part of the onboarding process of each new employee.
  • Keep all employees on their toes, with security top of mind, through continued testing. Sending a simulated phishing attack once a week is extremely effective at keeping them alert.
  • Never publicly identify an employee who fails a simulated attack; let their supervisor or HR take this up privately. Give a quarterly prize to the three employees with the lowest ‘fail-rate’.
  • If you use posters, stickers and/or screensavers, change the pictures or messages monthly. After a few weeks people simply don’t ‘see’ them anymore. It’s more effective to send them regular ‘Security Hints & Tips’ via email.
