• United States



Ideas from Security Awareness Survey Respondents

Nov 01, 20061 min
Data and Information SecuritySecurity

Practical steps to establishing employee security awareness

• Live events help lessons sink in. Hold monthly brown-bag awareness lunches for departments or remote facilities.

• Stay in people’s faces: Publish a monthly newsletter on current security threats and issues. Report security metrics, both good and bad.

• Find ways of expressing the cost-avoidance benefits of improved security. For example, put a dollar amount on fewer incidents and shorter recovery times.

• Have the CEO and other top executives attend security Q&A meetings (and have them take some questions). Make sure important security memos go out under the CEO’s name.

• Have direct contact with employees. Manage by walking around!

• When new threats emerge, act quickly to inform the enterprise. Demystify but don’t scare.

• Make awareness initiatives vivid so that they are felt on a personal gut level by individual employees.

• Engage in multimedia education: posters, online tutorials, live events, podcasts.

• Focus on high-value awareness initiatives: loss-prevention in retail businesses, counter-

competitive-intelligence strategies in research-rich environments, data privacy in financial institutions.