Aug 21, 2017
When it comes to securing your organisation's data, your employees are your first (and most valuable) line of defence. Today, I’m showing you how to capitalise on this defence, and improve your organisation’s security awareness in just 30 days.
1) Choose a Complete Curriculum
A comprehensive security curriculum needs to cover each of the biggest threats facing your organisation, and do so in an engaging, effective way. eLearning courses are particularly effective at engaging employees, and should tackle:
- Email Security
- Travel Security
- Phishing Awareness
- Physical Security
- Malware Awareness
- Social Engineering
- Mobile Device Security
- Password Security
- PCI Awareness
- Data Privacy & Protection
2) Create a 30-Day Roll-Out Plan
Though you could choose to roll out your security program over any period of time, a 30-day cadence will create a steady drumbeat of information. You’ll afford employees enough time to engage with the training, whilst ensuring that courses are completed promptly and security is kept front-of-mind.
3) Promote Security Resources
Additional security resources can go a long way towards raising organisation-wide security awareness. Infographics will help break complicated security topics into easy-to-digest snippets of information; blog posts and articles will help add extra insight and context to your training courses; and tip sheets offer an easy-to-share medium for addressing specific security challenges. The broader the range of resources on offer, the easier it becomes for employees (often with varied learning styles) to learn from the training program, and actually begin to act on its advice.
4) Launch the Program with an Executive
When the time comes to launch your security program, it’s important for an executive to announce it through an all-employee channel – whether email, a blog post, or even in person. An executive mandate is a powerful tool for encouraging adoption, and prioritising security, so it’s vital to get buy-in from the C-suite before launch.
5) Encourage Security Discussions
After launch, it’s important to continually prioritise security awareness by encouraging active security discussions throughout the organisation. This can take the form of manager-led team security discussions, internal email workflows promoting relevant blog posts and guides, or even talks hosted by external security experts. All that really matters is that the conversation continues beyond day one of the launch.
6) Check Your Scores
Monitoring participation and completion rates will help ensure that everyone in the organisation has passed the assessment, and attained a decent foundation of security knowledge. In addition to the peace of mind associated with a security-aware organisation, this type of information will also help with compliance reporting – allowing you to validate your improved security with concrete data.
7) Partner with a Security Expert
It can be difficult for most organisations to find the time and energy to develop their own security awareness course. Many organisations lack the expertise to do so, and those that do often lack the teaching skills required to properly implement it. With the addition of extra resources, the need for continued discussion, and the demands of rigorous score monitoring, partnering with a security expert is often the more cost-effective (and downright effective) way to improve security awareness. Discover everything you need to roll out an effective application security program, and download your free whitepaper.