Practical steps to establishing employee security awareness • Live events help lessons sink in. Hold monthly brown-bag awareness lunches for departments or remote facilities.• Stay in people’s faces: Publish a monthly newsletter on current security threats and issues. Report security metrics, both good and bad.• Find ways of expressing the cost-avoidance benefits of improved security. For example, put a dollar amount on fewer incidents and shorter recovery times.• Have the CEO and other top executives attend security Q&A meetings (and have them take some questions). Make sure important security memos go out under the CEO’s name. • Have direct contact with employees. Manage by walking around!• When new threats emerge, act quickly to inform the enterprise. Demystify but don’t scare. • Make awareness initiatives vivid so that they are felt on a personal gut level by individual employees.• Engage in multimedia education: posters, online tutorials, live events, podcasts.• Focus on high-value awareness initiatives: loss-prevention in retail businesses, counter-competitive-intelligence strategies in research-rich environments, data privacy in financial institutions. *–L.M. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe