Think about how great this would be: Imagine that all of your company data is safe from hackers. Your hardware is totally safe and secure. You have IT specialists at your disposal at all times and have a constant flow of cash to pay them.
Unfortunately, this is a fantasy for most of us. No matter how secure we think our network is or how much we pay our IT people, there is always a chance for a data breach. Does this mean we should stop the fight, though? No way.
Instead of throwing in the towel, it’s very important that you start focusing on security awareness, and this starts with teaching your staff how to handle sensitive company data and keep it safe from the bad guys. Here are some strategies that might work to get the message across:
- Make sure that every employee on your staff understands how important security is, especially at their own workstation. Each employee you bring on in the future should also be instructed in this before being allowed to access the company’s network.
- Safety, security and privacy policies must be in place and must address all the necessary concerns required to keep all data in check. Review these policies with new and current employees.
- Set up some fake “phishing” emails to see if any of your staff take the bait. This fake setup will get the point across to your staff without putting your network at risk.
- Set up a policy that terminates any employee that is involved in a data breach. This is a great incentive to keep company information safe.
- Install software onto your network that can detect when your staff is doing something that they shouldn’t be doing. This software isn’t meant to discipline staff. Instead, it’s meant to alert them when they are doing something dangerous that could put sensitive information at risk.
- Make sure your staff understands all of the cyber-attack warning signs. This way, they can easily spot anything suspicious.
Maximize Security Awareness in the Workplace
Here are eight ways to further maximize security awareness in the workplace:
- Create a Baseline – Before you can get any type of awareness training going, it’s important to know where you stand. So, do something like a fake phishing email and see how many employees fall for it. This way, you know how much work you have ahead of you.
- Remain Realistic with Social – Thinking that you can totally ban any activity that puts your network at risk, such as social media, isn’t very realistic. Instead, teach your employees to be careful when using these websites. Show them example after example of how social posting has gone south, ending up in firings.
- Use the Right Tools – Stock your arsenal with the right tools. There are programs out there that can help with security awareness in the workplace. A quick search for “phishing simulation training” will turn them up.
- Use Your Creativity – Even if you don’t have a lot of cash to use, you can still make this a fun learning process for your staff. For instance, if it’s Christmas time, hand out candy canes to your staff, but around each candy, put a small paper with the company’s security policy printed on it.
- Get the Help of High-Ranking Execs – If you can get the execs to help you out, employees are likely to listen. How can you do this? Mention the term “return on investment” and relate it to your company’s security. You can be sure that this will get them moving. And remind them that company officers are being fired left and right when there is a data breach.
- Bring in Other Departments – It also is a good idea to bring in other departments to help with security awareness. Even people that might not be connected to your network, such as cafeteria or housekeeping staff, can be helpful. You should also make sure to involve your HR department, because they can usually encourage staff to follow policies. Accounting needs to have a say too.
- Evaluate Your Plan Often – Every 90 days, take a look at how your program is doing. This is quite effective. To avoid any type of information overload, you should take it slow, too. Perhaps only introduce security topics every three months or so, and then evaluate employee performance 90 days after.
- Provide Security “Appreciation” Training – This goes beyond security awareness training into the realm of cultural and societal misconceptions, myths and inaccuracies that perpetuate a lack of accountability. Example: “It can’t happen to me” is total BS and is a form of denial that prevents people from being proactive.
- Personalize the Experience – Some employees won’t get serious about things until they are affected. So, make sure that your staff understands that security awareness is about them, too, not only the executives of the company. Make sure they also know that they can use the same practices at home to keep their personal information safe.
- Teach Them Actual Self Defense – Might sound crazy, but understanding how to save their own lives or the life of a loved one in the event of a physical attack provides an enormous amount of perspective. This is one simple way to open one’s mind on the value of security.
Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.