Mike Saurbaugh, a faculty member with IANS Research and independent consultant, stresses that companies should frame their comprehensive security awareness program not so much as a compliance task but as a journey that leads to lasting behavioral changes. Employees need to understand, in an engaging way, their roles in helping the business achieve a common security vision. Fran Howarth shares his tips to engage employees with a security awareness program in an article for IBM’s SecurityIntelligence:
- Find the motivation.
- Use gamification.
- Form security awareness allies.
- Have public recognition.
- Keep it simple and aligned to the business.
Protect Others and Yourself
People need to know why they’re doing what they’re doing in all tasks. In the always-online culture where everything is just a few clicks away, people are increasingly exposed to phishing, data breaches, or identity theft. By raising awareness of security issues and concerns in a wider context, employees’ interest will be sparked and they will participate for their own sake, not necessarily for a job. You can engage more employees in the program if it is something fun and informative to do, such as using gamification techniques. Promoting security awareness shouldn’t be the sole responsibility of the security team; different departments or branch locations should be involved as well.
Employees also want to be recognized for their eagerness in supporting a safe culture in the workplace. Publicly recognizing achievements is key to motivating employees and making them feel valued. This can be best done via the intranet, newsletters, or internal marketing materials, because monetary incentives such as gift cards or extra paid time off can be a controversy-inducing topic that creates envy among employees.
One last thing to remember: Don’t make a big deal out of this. Cyber security is good for your business, but it is not the reason why people are hired. Don’t make it your top business priority, but align it with other business goals to smooth the development process. Saurbaugh also recommends two credible sources to improve the security awareness program:
First, the book “Influencer: The New Science of Leading Change” stresses the need to clarify measurable results, focus on vital behaviors and use sources of influence in order to drive change.
Second, BJ Fogg’s Behavioral Model considers the causes of behavioral change and suggests that three elements (the motivation, the ability and a trigger) must all converge in order to achieve the desired change. While not directly related to security, these two resources will be a valuable aid for better understanding behavior and how the need to drive change will impact the success of the security awareness program.
You can view the original article here: https://securityintelligence.com/top-five-tips-for-creating-a-culture-of-security-awareness-at-work/