Thursday, March 24, 2011

Educate – Inform – Secure

Educate your employees about information security or all the security tokens in the world won’t save you.


A company may have a decent-sized security budget and spend it effectively on firewalls and other protection devices, but if you fail to educate your end-users, all that investment can be for nothing. Hackers, spammers and other evildoers regularly target end-users because it is often the easiest method of attack and is extremely effective. Targeted spam emails and malicious websites are two of the most common threats, but it is important to implement a general awareness campaign that covers a wide range of information security issues, from what makes a good password to the importance of physical security. Here are some of the important factors to consider when implementing an information security awareness program.

Be Consistent – Develop a weekly or monthly routine and stick to it. Send out the email on a consistent day so users will come to expect it and perhaps even look forward to it if you follow the other recommended steps below. Always send it from the same account to minimize the likelihood of confusion, which could otherwise assist targeted spam attempts.

Keep It Simple – Do not use overly technical language that will confuse or turn off users. Speak in the communications like you would talk in a conversation.

Do I not entertain you? – Try to write in an interesting style and even use humor to keep your users entertained. Entertaining material is more likely to be read and absorbed than material that would put an insomniac to sleep.

Provide Examples – Many people learn best from examples, and there are plenty readily available. Find a recent incident that demonstrates the point you are trying to make; it will make the lesson more real and less theoretical. People listen more closely when they know others have fallen for a trick and are more likely to absorb the information.

Be relevant – Providing examples that people can use at both work and home is a great way to keep them interested. Examples include safe Internet surfing, avoiding spam emails, and the importance of having up-to-date anti-virus signature files.

Consider Posters – Emails are great, but they are often easily ignored. Using posters in high-traffic areas in addition to email is a great way to mix it up and capture the attention of people who otherwise might not care.

Make it a job requirement – Security is only as strong as the weakest link. It is everyone’s responsibility to follow good information security practices and keep the company secure.

1 comment:

Unknown said...

Thanks for addressing this. So many people don't realize how important these extra measures can be to make sure their company’s data, network, and tech resources are secure. As an owner of a CPA firm in St. Louis, there are multiple frightening aspects of cybercrime. In my opinion confidential data is not completely secure unless the employees are trained in security awareness policies, and we at Stone Carlie have a new Information Security Awareness Blog that provides tips on how to effectively set up and implement a Risk Assessment and Vulnerability Management Program: www.stonecarlie.com/blog. We're excited to share our information with those interested and we definitely plan to keep an eye on your blog. Thanks for sharing!