Many companies make timid, awkward and ineffective attempts at teaching their staff about company security policies. This occurs because most corporate security policies are boring, unintelligible tomes.
Ergo: No one pays attention to them.
We spend a lot of time helping companies get their security message across to their employees. But are there any employees at any company who care one iota that their “policy is designed to take maximum advantage of our internal IT skills, protect our operating environment and prosecute offenders to the maximum extent of the law?”
What does that even mean?!
Instead, we’ve found that employees care and will listen if you educate them about protecting themselves from cyber criminals, their kids from predators and their families from fraud.
It’s not that corporate users are stupid, lazy slugs who don’t give a rat’s patootie about security policy; it’s that the corporations are putting themselves and their financial interests first (“If we get hacked, we’ll lose money”) and their employees’ second (“There are 100,000 phishing websites out there. Here is how to best protect your family.”).
It’s that the typical, straitjacketed approach to security education is dull and uninspired at best.
Give your users a chance. Teach them on their terms for once, not yours. Take a lesson from TV and films, and entertain. A lot of people learn about politics from “The West Wing”, “Scandal” and even “Parks and Recreation.” Half the people in the country are now legal and forensics experts because of the “Law & Order” and “CSI” franchises. How can you use the same techniques to teach security concepts? People are open to ideas presented to them through entertainment, and they are especially interested if it directly affects them.
Make security personal. If your staff learns the ins and outs of making their home computers secure and how to protect themselves from the ravages of the Internet, exploiting that knowledge for the benefit of your company’s security is much easier and more effective.
Now go forth, and create an awesome awareness program!
Need more inspiration? Check out our satirical video: How to Make Your Security Awareness Program Fail!
Latest posts by Ashley Schwartau (see all)
- Here I Am: My Unexpected InfoSec Career Path - May 30, 2017
- Harry Potter and the Security Prophecy - May 4, 2017
- Use Gamification to Drive Engagement with Monthly Newsletters - January 12, 2017