We all know how important security awareness training is for an organization. Moreover, we try to enhance our efforts by weaving security into the “culture” of the organization. Yet, from the employee’s perspective, it all gets very stale. It seems like it is always the same message, but if that is the case, why hasn’t this knowledge been adopted into the corporate consciousness? Perhaps it is our approach. We asked a panel of experts for some ideas about how to stimulate and invigorate security awareness training in an organization. Here are their thoughts:

Gary Hibberd | @AgenciGary | LinkedIn

In terms of rejuvenating a security awareness program, there are several approaches I take. Firstly, I ask you to remember you’re dealing with people, and people don’t like to be talked ‘at.’ They also don’t generally like to be bored! It doesn’t matter if you’re speaking to the global head of the business or the new intern just starting out. They are people. People with hopes and dreams, fears and uncertainties. When you’re putting your security program together, you must first seek to understand the people as well as the organization. After all, you can’t protect what you don’t understand.

Understand where the data is and what the touch points for that data flow are – technical, physical, and human. Speak to the head of IT, Human Resources, Operations, Marketing, Sales, and Finance to understand how they feel about information security. Ask them what concerns them most about information security. Ask them what has worked previously to raise awareness of other topics (such as H&S). Ask them what they would find most useful in terms of information security. At that point, you can start to see where some of the issues are and also whether any potential single