Information security is not a one-and-done kind of thing. In fact, there is no time in any of our lives when we can sit back, hands behind our heads and say, “Ahh, yes. I’m finally secure.”
Information security is a state of mind created through consistent, engaging, and interactive messaging that makes it relevant to our personal, professional, and mobile lives. Your goal should be to transform your company staff into human firewalls, not just to check off a compliance training box.
You need to employ metrics to find where you’re hitting the mark and where you can make improvements. Then using the metrics you’ve collected, see where you’re improving and where your users still need help. Get feedback, tweak the system, reassess your needs. When you find a strategy that works, don’t do it once. Do it again, and again, and again… And again.