Wednesday, August 31, 2011

Turn your weakest link into your first line of defense

In practice, most security risks are driven by the lack of a well-defined and managed information security (IS) culture, with errors and breaches frequently caused by human error and a failure to follow procedure. Most analysts and information security officers agree that humans are the weakest link in any information security framework.

With adequate behavior change, you can turn your weakest link into your first line of defense. Easy to say… but in practice, it is quite a challenge!

How do we achieve it?
Many people think awareness and training are key elements. They are not far from the truth! In fact, awareness and training are only part of the solution. Let’s take a step back to understand the behavior change process, and then apply it to our first line of defense!

4 Steps to Behavior Change
1. Awareness - Target Group knows WHAT is needed and WHEN it is needed

2. Understanding - Target Group knows WHY and HOW action is needed

3. Action - Target Group is ready to be involved in specific activities

4. Commitment - Target Group is responsibly committed to and supports the initiative

Following this model, once the target group reaches the “commitment level”, chances are that the weakest link will become the best line of defense.

Awareness is not training. Awareness is about reaching a mass audience with very attractive packaging that appeals to emotion, to deliver a short and strong message. Awareness allows the audience to recognize situations. It is the first step to a behavior change.

Training teaches what to do in situations. Training is about the acquisition of knowledge, skills, and competencies.

Awareness and training, when well combined, are powerful behavior change tools.

