communication

Awareness renewal time!

Summer is a great time to take stock of your current awareness program. Review the past year's program and run it through a thorough analysis. Was it relevant to the users? Was the content refreshed with updated security best practices? Is it time to run a quiz and test the current users' knowledge base? Perhaps you need to add some videos to the existing program?

Perhaps it is time to start from scratch and look at a program re-design or a different approach to refresh and revitalize the training program. We recommend looking at new and innovative ways of communicating with your end users. Try getting them involved by running a poster design contest, with some great prizes, that they can even enroll their kids in, and use the posters to really get them involved in the campaign itself. To increase awareness, use large placards with key anecdotes placed strategically around the building - for example, "every minute there are approximately 29 victims of identity theft."

What are you doing to refresh your program this year?

How to win a gold medal with your security awareness program

To win the gold...a corporate security awareness program aims to make all the employees understand and appreciate not only the value of the company's information assets but also the consequences in case these assets are compromised. In theory, the process is straightforward and painless. But as every IT/security manager knows, in real life, an awareness program can be a huge headache - especially in a large enterprise.

How do you plan correctly when implementing a security awareness program? How do you determine what tools will be effective in your organization? And...how do you create a winning program that wins a gold in terms of making everyone aware?

A couple of simple rules:

1. Do the training yourself - ensure that you do your research. Understand how employees use the systems and for what purposes, and who has access to what and why. Understand the dynamics of your organization. Be well versed in the policies, goals and initiatives within your organization that might impact the program.

2. Get executive buy-in - without the right buy-in you will not succeed...period.

3. Create a focus group - get individuals from each department involved in the process so they can help you to build the right messaging and communicate effectively to the different groups within the organization.

4. Communicate, communicate, communicate again - use different techniques to get the message across. Be succinct and clear in all communications used and ensure that a regular frequency is maintained throughout the year.

5. Above all...make it FUN! In general, people are frightened about security breaches and risks. Try to remove the scary aspect by getting them involved.

6. Lead by example. Act swiftly and communicate rapidly if a security incident occurs. Ensure you are adhering to the policies within the organization and take every opportunity to communicate and reinforce the awareness message.

We would welcome your input into this conversation. Let us know what methods you have used to get that additional "edge" to create a winning program.

A clean desk policy gone too far

I had dinner with a good friend last night and the discussion, as usual, lingered toward work-related topics. The company that she works for (a large multi-national company) recently decided to enforce a clean desk policy for security purposes. Nothing wrong with that, except this company did it to the extreme. Employees cannot have even a small amount of anything on their desk. If they do happen to leave an item on their desk, a note goes into their employee file and points are taken off of their quarterly employee assessment, which is directly tied to bonus and payment increases. Obviously, this has all employees grumbling and complaining and wondering if next they will be subject to body searches in order to go use the washrooms.

Had the company instead communicated effectively with their employees through perhaps a well-constructed campaign, employees would have been able to understand and even, dare I say it...embrace the policy with the understanding that they are assisting the organization in maintaining a stellar level of security protection. Instead, the drastic measures of affecting their personal performance indicators have only led to an employee base frustrated and angry with their employer. How would you have handled it?