Employee Security Awareness Program!

Employee Security Awareness Program!

A section of security breaches are caused by employees, whether accidentally or deliberately. Security breaches would tantamount to:

  • Theft of data and confidential information such as financial figures, tender amounts, etc.
  • Opening infected emails and unknown attachments from unheard senders.
  • Leaving workstations on at the end of the day.
  • Disclosing passwords to peers, family and friends.
  • Installing unauthorized software for personal use.
  • Lack of virus software updates.
  • Using internet resources for personal use.
  • Improper use of laptops or other devices, leading to loss of proprietary information.

To prevent security breaches of any kind, organizations should strengthen and solidify all their security systems and technologies, establish formal practices and invest in security awareness programs. This program is aimed at making employees understand and feel responsible for security of the Company’s assets and the consequences in case these assets are compromised.

Listed here are simple strategies from industry experts:

  • The Company should discuss its expectations from employees. Awareness implies bringing about a change in employee behavior. Describe what constitutes a security breach, how to report a breach or incident, organize learning sessions and have all security-related rules and regulations posted on the Company’s intranet for reading.
  • Organizations should do their groundwork. Before choosing a security awareness program, they should know who has access to what and who needs to access what. Knowing this is essential as the dynamics of the program changes with the needs of organization. Security measures at a leading investment bank would be different from those implemented by a construction company.
  • Keep the security program flexible. What is good today may be outdated tomorrow. Introduce new technologies, change business models, introduce new objectives, etc.
  • Expect results, not miracles. Spiteful employees will hinder the understanding and implementation of a Company’s security program. Make employees aware of the to-be-followed repercussions for security breaches.
  • It is vital for the top management to be involved with the security awareness program. Without visible executive leadership supporting the program, employees will take it easy and break the rules.
  • Simplify your communication lines. The program’s success depends on how effective the lines of communication are between employees and top management. Send out a monthly or bi-monthly newsletter updating employees of the existing and future security initiatives. Set up an e-mail id or special telephone line for employees to report security breaches or accidents.
  • Explain each aspect of the program in detail. Curiosity may prompt employees to try out the various features of the program. Verbally explain that pushing the blue button may lead to system shutdown, while pulling the chain rings an alarm.
  • Make sure that each employee is updated on the program. Lack of knowledge can pave the way for expensive lawsuits and the like. Keeping each employee on the same page is the key to a successful implementation of the security awareness program.
  • Measure the effectiveness of the program by organizing security quizzes, tests, etc. To know whether your employees read security-related documents posted on the intranet, use the stats counter to know the number of times an employee reads those documents. Offer rewards to employees for improving their security behavior. Announce the winners’ names through newsletters or e-mails, compare their before and after training progress, etc.
  • Mention employees’ role clearly for them to understand each security policy. If employees understand their importance in keeping the Company’s data and information secure, they will alter their behavior and think twice before divulging any confidential details.

To put it simply: For successful implementation of a security awareness program, employees at every level need to understand basic securities policies as well as their responsibilities.

Do share your thoughts on the same.

  • Laura Joki

    What the next step?

    Implementation of procedures to increase employee “buy-in” and loyalty to the company. What can you do to eliminate the “spiteful” wild cards? Identify them, work with them and if they do not shift, put someone in their place who can be trusted.

    I worked as an IT manager for years and my number one security and IT strategy was:
    “Be likable so people come to you early with issues and so they feel guilty if they think about betraying your relationship”. I was good to the people I served and they were good to me in return.

    Relationship
    Relationship
    Relationship

    If you have “spiteful employees, you have bigger issues than security problems.

  • You touched an aspect of human behaviour which is deeper than the skin. Most of the triggers of breach come by way of an impulse. The reasons can vary from simple playfulness to complex behavorial. People break rules and norms when past experience and trade-off between success and failure has favoured success leading to discretion. The process may start at school , leading to home and then to traffic violations and then to work place – all thetime escaping the eye of the watchful. It is here we need to build and reinstill the INNER EYE through spiritual and philosophical guidance. Nitn Nohria the new dean of HBS and the new graduate class endorses and supports oath of ethical management practice, conceptually similar to Hippocrates oath for medical practitioners. I feel, if a company had an event of oath taking as a part of onboarding and any management events and meet as reinforcement, it may provoke the awareness and sense of guilt for defaulters.

  • I should note that recently our workers happen to be finding it difficult to figure out all our strategies so we ordered some software to do it for us. Things have already been up hill consequently. Much appreciation for the excellent post.

  • I wanted to thank you once more for that amazing website you have produced here. It truly is full of useful tips for those who are truly interested in that subject, particularly this very post. Your all so sweet along with thoughtful of others plus reading the blog posts is a fantastic delight to me. And thats a generous present! Tom and I are going to have pleasure making use of your ideas in what we should do in a month’s time. Our record is a kilometer long and simply put tips will certainly be put to good use.


Training Challenges and E-learning Solutions Summit 2018