Effective Security Awareness Program
Every day this week, working at my new employer reminds me of the value of having an effective security awareness program. At Spectrum Enterprise Navisite, my company works very hard to make sure the data we hold on behalf of our customers in our public cloud offering, private cloud offering, or any of the many products or services we provide is safe and secure. The commitment to security is very apparent from the moment you walk in the door of any one of our physical facilities, from the UK to the USA.
Secure World Boston – Effective Security Awareness Program
At Secure World Boston, I attended a class on building an Effective Security Awareness Program. The instructor of the class was Dan Lohrmann. To quote Dan’s LinkedIn tagline: “Chief Strategist & Chief Security Officer at Security Mentor, Inc. – Author, Blogger, Featured Speaker”. Dan knows a lot about security and the design of effective security programs, and I was very fortunate to have him as my instructor. Dan brought many real-world examples to the classroom. Let me share with you a few of the key things to remember when building an Effective Security Awareness Program.
Don’t Stay with the Status Quo
If you are doing the same things you did five years ago to keep your business and its data secure, then you do not have an Effective Security Awareness Program. As technology keeps changing and evolving so does the way you secure your business critical data and assets. If you’re doing the same thing you did five years ago, you have a problem.
One of the reasons so many companies are moving to the cloud beyond the many advantages it provides the business regarding agility and ability to scale is that they get access to top-tier security experts and security best practices.
Make it Fun
Dan Lohrmann, the instructor of the Effective Security Awareness Program class at Secure World Boston, made this point over and over. Dan demonstrated an example of how the company Security Mentor found ways to make it fun while educating people on security awareness. There are many solutions on the market today that help educate your staff on security awareness, and I am in Dan’s camp on this: look for one that tries to make it fun. Yes, even fun posters can make a huge impact.
Make It Personal
Let’s face it: we have all been through compliance training designed so the company can check the box and meet a requirement. If we can find a way to make the message personal, a message that will impact our lives, we are more likely to listen to the message and, more importantly, retain it. Is there a way to craft a security lesson and make it about home life?
Get Executive Support
An Effective Security Awareness Program has executive support. Many people would argue that the first and most critical element of an Effective Security Awareness Program is obtaining C-level support. Getting executive support is essential for the success of just about any organizational effort.
With Executive support comes authority and the support of other departments. There will still be obstacles and resistance to change within the organization, but it will be much easier to overcome these challenges. With the C-level support will come funding to help make it all happen.
Make it Easy
One of the things that really caught my attention in my first days on the job was how easy it is to report a suspicious email, and how easy it is to contact the security team at my new company. How many hospitals of late have been held hostage to ransomware because an employee clicked on the wrong email? Here is an article that talks about some hospitals that were attacked in 2016.
For this article, I chose hospitals, but I could have easily chosen any other industry. All the security threats out there are alone a reason for a company to turn to the cloud. By working with the right provider, your infrastructure and data will be proactively protected using industry best practices.
It’s important that we make it as easy as possible for people to report suspect emails or other suspect situations which might put a business’s data or assets at risk.
Many of the companies that are impacted by ransomware will turn to the FBI for help. As much as the FBI would like to help every company affected by this and many other security events, they do not have unlimited resources. The best protection you have is to develop an in-house Effective Security Awareness Program and work with vendors like Spectrum Enterprise Navisite who follow industry best practices and who have security awareness as part of their corporate DNA.
Brief, Frequent, Focused
Let’s face it, we are all busy. Smaller, more frequent messages are a better way to get your message out there. An Effective Security Awareness Program is brief, frequent and focused.
One of the things I saw very quickly at my new employer was all the right habits the team has surrounding security. Everyone makes sure they touch in with the door pad when going through a door. I was someone people did not know the first day; I noticed people were making sure my badge worked. Here is an example of a quick message to remind people of tailgating. It’s brief, focused and frequent.
Here is a link to a 2-minute video on Tailgating, examples of how it happens and the risks to the business.
Focus On Changing Behaviour
The goal of an Effective Security Awareness Program is changing behaviour. It’s important that you keep the bigger picture in mind. It’s not about checking off the compliance box. It’s about changing long-term behaviour, so you are better prepared for the constantly evolving security threats. Measure what you have done, and over time security will be part of your corporate DNA.
*** All Posts are Mine and Not those of my Employer**
My Blog: http://michaelcorey.com/
My Personal Twitter Account: Michael_Corey
Columnist for the Big Data Quarterly.