4. How to Sell Security Awareness to
Your Stakeholders
We all know members of staff who grumble
at anything outside of their immediate job remit. But because of legislation
and the increasingly threatening nature of modern cyber-security, being
security-aware is part of the role of a healthcare worker. All of us have the
duty of caring for patient data. So how do we engage staff in the process of
security awareness?
Security awareness training packages, if
done well, will be configured to engage staff—engagement results in better
understanding. Security can be a dry area, difficult to drum up interest in.
However, a well-designed security awareness training package can be
configured to work within the context of your organization to create tailored
training campaigns—specific to your needs.
One of the ways that you can make sure
that your team is benefiting from the sessions is to make the training
interactive and unobtrusive. People can get irritated when their workday is
interrupted, so offering ‘security over lunch’ or “brown-bag training”, which
is an informal and less intrusive way of learning about security, can be highly
effective. Another area that helps to focus training and make it highly relevant
is to tailor the training campaigns to a person’s role in the organization.
Keeping security relevant and making it
part of the normal program of workplace on boarding and training in your
organization, will make it an easier all-round sell to your extended team.
Ultimately, security threats need to be
accepted as a serious issue across healthcare. This means engagement across
your organization: from your top-level management, across all major
departments, and ultimately by the people who will be trained – your workers.
Bringing them onboard with the message that, understanding how cyber security
is a threat, how that threat works, and how to mitigate that threat as an
individual, will benefit both themselves and the organization as a whole, is a
fundamental message.
No comments:
Post a Comment