We know it can be overwhelming to put together a security awareness program from scratch. It takes a lot of time, a lot of planning, and sometimes it can take a lot of money. But many organizations, especially small to mid-sized companies, don’t have big budgets to spend on training. So we’re here to help!
Below are some more tips and tricks to help you get started or to ramp up your current efforts. (And remember to sign up for our freebie archive to get materials you can use – posters, newsletters, videos, courses, games and more!)
Emotionally Engage Your Users
In order to change behavior, you’ve got to change their mindsets. And the only way to change the way they think is to get them to CARE. Teach them how to protect their kids online, teach them what their teens are doing online, teach them how to protect their personal information. If you get them to care about protecting their family and teach them how they can be safer online at home, then it’s easy to slide in that company reminder. “Oh, by the way, all that stuff we taught you about protecting your family? Do it here at work, too!”
Get Your Users Involved
People love winning stuff. Even if it’s something small like a keychain or recognition. Many of our clients have found that the easiest way to get their employees excited about the mandated information security training and to actually participate by taking courses and doing well on the quizzes was to offer inexpensive incentives.
Have a Most Secure Employee of the Month contest.
Offer a $10 Starbucks giftcard to the first person in each department to complete their training.
Get a few calendars printed using the cool security awareness posters you find and/or make and give those away as prizes to people who score the highest on their quizzes.
Do weekly/monthly security awareness trivia questions. People with correct answers win something small (a mousepad, a keychain, coffee mug, getting to leave early on a Friday?)
Have an organization-wide poster contest for a specific security message (“Don’t get phished!” or “Be a human firewall!”, for example.)
If you can work with your HR department, you could let people earn extra vacation days for being exceptionally security aware.
Things that cost just a little now can save the company a lot of money in the future – because security aware employees don’t let data breaches happen!
We’ll keep offering advice and resources for building and running your in-house security awareness programs so come back later! In the mean time, watch this video about how to make a security awareness program fail and make sure you’re not doing any of these horrible things!