Start by defining simple policies to get people used to a new way of business. For example, perhaps start with implementing user engagement based upon location to start. If an employee is working from home and trying to access a work server, have them do a two step verification but tell them why they are doing it. The company is implementing this in order to keep the user’s identity and things they access safe. In turn, this keeps the company more secure. While people may initially complain they have use their phone, they will understand it and over time will become commonplace and easy. They do it all the time in their personal lives, now they are doing it at work too.
Start a company wide security commitment campaign that provides a statement that aligns everyone on the goals so they are on the same page. Appoint/assign a clear point of contact. It takes time to adjust user behavior. By being honest about how the company is working to find new ways to secure employees and the company and explain there could be some bumps along the way as people learn a new way of interacting with internal systems. As the company transitions into this evolving digital age, people will be more prepared for change.
Focus on Low Friction:
When getting users to change behaviors and accept new ways of working, it’s important to focus on how to make it achievable. Going down this path can help with productivity and security gains with security teams now able to open up more access which previously was not possible. Now employees that work from home can do so with less limitations because there are automated security measures in place to ensure the company remains secure.
Transparency Drives Change
Being upfront with employees on how you are changing the security fabric in the organization and how every user is a critical piece of the process will drive positive user experiences and eventual success.
To learn more about how customers have successfully implemented adaptive threat prevention based on identity behavior and risk and have engaged users into the security process, contact us and we’d be happy to set up a consultation on how we can help implement this type of approach in your organization.
This is a Security Bloggers Network syndicated blog post authored by Heather Howland. Read the original post at: Preempt Blog