You’re sitting in a busy office trying to concentrate with phones ringing, faxes pinging, colleagues chatting, and people constantly meandering around — some you recognize, others you’ve never laid eyes on. You know you lift your feet when the cleaners maneuver their vacuum cleaners under your desk, you know there is a constant stream of interns, potential clients arriving for meetings, and hopefuls awaiting job interviews, but have you ever wondered whether all of these people are there for a legitimate reason, or whether some are thieves trying to steal information or equipment? Have they slipped past the very technical controls set in place to protect the organization?
Security Awareness and Why It Matters
The most efficient security measure is for leadership to create and maintain a security-conscious mindset amongst staff whereby employees protect themselves, each other, and their workplace. However, execs need to set an example and use constant reinforcement — especially given that the average person needs to hear a message seven times before it sinks in! Here are some tips on how to get the message integrated into your organization’s culture.
- Lead by Example
Possibly the technique that packs the most punch is when the top honchos show their own partiality for security. If workers see that it’s important at the top, bet your bottom dollar it will become important at the bottom. Publicize internally if an employee prevents a potential security breach or comes up with a cost-effective way to boost corporate security.
- Get Personal
Show that you care about your employees as individuals and simultaneously boost their interest in safety by providing them with tools to secure their private information. If a worker secures their home, they will be more likely to do so at work. Find fun ways to convey computer security tips for work and at home; give general tips on e-commerce website security issues; encourage them to research online cybercrime by reading internet security articles; provide guidelines on what to shred and what to lock up at home; give information on how to secure their personal passwords and home-based wireless networks; and offer IoT (Internet of Things) security tips for all those next-gen gadgets we love, some of which can be hacked by cybercriminals.
- Offer Training
Training programs are a great way to deliver an important message, but gone are the days of forcing staff to sit through boring, hours-long lectures where they are handed loads of material to study by rote. Information is internalized when it is delivered in bite-sized learning sessions comprising interactive exercises, contests, and games that test comprehension and promote motivation. E-learning gamification programs that drive behavior and engagement, for example, are effective in enabling employees to monitor their own progress and feel intrinsic motivation. It isn’t a game, but it can be a game changer for work performance and organizational culture.
- Make the Message Visible
To further convey the message and make sure it sticks in employees’ minds, put up posters around the office that are eye-catching yet simple enough for anyone walking by to read and understand without breaking stride.
- Clean Desk Policy
The entrances in your office building are secure, your surveillance technology is up and running, and IT assures you that your firewalls are invincible, but have you checked your staff’s desks? Are they revealing sensitive information that could pose a real threat if it gets into the wrong hands? Are there sticky notes with an employee’s passwords left on the computer for any stranger to try to compromise their account; access cards tucked under keyboards; confidential information left up on whiteboards that may be useful to competitors; private documents on desks or by the printer; a day planner detailing names and meetings with potential clients?
If the answer is mostly “yes,” start a clean desk policy and perform random desk checks after hours. Reward those who have no sensitive material out by leaving a thank-you note or entering them in a monthly draw for a prize, and leave a gentle reminder about what needs to be improved for those who aren’t meeting the standards.
- Screen Time
Include security-related information and articles in every corporate newsletter, giving examples of the latest security breaches in your industry. Also, send out short email reminders on significant topics — who to call for suspicious events, emergency preparedness, PDA security, etc.
At the end of the day, employees can make or break your security program — involve them in the security process by encouraging their feedback and suggestions and by providing them with an easy, even anonymous, way to report events or ask questions. Any organization can create a security-awareness culture if everyone toes the line, especially management — that and constant reinforcement!