No matter what business you are in, for it to be successful, you must develop, and evolve over time, improved processes. Whether it’s making a pizza parlor 15% more efficient, or streamlining warehouse inventory management by optimizing deliveries and shipments, it’s all about process.

Every business relationship has a beginning; the first steps with a new customer, a new supplier or introducing a new producer or service. A productive business mantra is often “get ‘em in, get ‘em out” as fast and professionally as possible, and that means developing a process: Step 1, 2… n… until the end.

Some business processes are iterative. For example, your business introduces a new service or product based upon customer need and desire. After you introduce it, you receive feedback from customers, and then you begin the process of Version 2. Over time, you will continue to develop better products based upon customer feedback and research. Standard business processes.

Your Security Awareness Program (SAP) should be treated exactly the same. It’s an iterative process of an internal advertising and marketing program, with the goal to increase your cybersecurity profile. All marketing programs are just as much about process as any other element of your operation.

First, you establish some goals, perhaps for a year out, based upon research of best practices for SAPs. Then you develop a Launch, to kick off the program, and begin the interaction with your user base. A good SAP will include the ability to measure various levels of participation and will actively solicit user comments and interaction. Over say, the first 90 days, a good SAP manager will be able to correlate data, and make adjustments.

Imagine you have an international company. The Euro division is active in your SAP, with 82% participation, but the US user base is only 65%. Why? Part of the iterative process in any program is not only to recognize that a change might be necessary, but also, ‘why’ is it necessary. Without that context, you’d be purely guessing.

On the other hand, 77% of English-first speakers play the security awareness games you offer, but only 24% of those from Europe do. Is that due to the language, the culture, or some other contributor?

It’s vital that an integral part of your SAP is a process to constantly review and evaluate the progress you’ve developed. You need to determine if your program is working, if the goals are being met, and then make adjustments.

Over time, your organization and your SAP will grow, the threats will change, and the security landscape will change–potentially overnight. Thus, the needs of your security awareness program will change, and you will need to adapt.

As with every other aspect of your organization, applying a dynamic business process–constantly improving itself–will make your security awareness program more efficient and more effective than ever.

Winn Schwartau

President & Founder at SAC
Winn Schwartau is one of the world's top recognized experts on security, privacy, infowar, cyber-terrorism, and related topics. Winn is gifted at making highly technical security subjects understandable and entertaining & has authored more than 12 security books.