Even the best security programs are bound to fall flat if an organization is saddled with a weak security culture.
In an interview with security experts at Fortune 500 companies, Networkworld.com recently gathered these seven elements that make for a successful security awareness program.
C-level support – Backing from top level executives is essential for many corporate initiatves and that goes for security awareness programs as well. Enlisting the support of a C-level executive can open the doors to larger budgets and support from other departments.
Inter-departmental support – Departments such as: human resources, compliance, legal, physical security, privacy and marketing often have the power to make security awareness mandatory. If you can get the heads of these departments on your side, getting workers to pay attention will come easier.
RELATED CONTENT
Lack of regs, complacency why Canada lags in security: Vendor
Canadian IT security practices conflict: Survey
Canadian IT security practices conflict: Survey
Measure results – In ordre to prove that a program is succeeding you need to be able to measure its progress and improvements achieved since its implementation.. For instance, you can measure the number of security-related incidents before and after the program, or number of attempted visits to banned web sites.
Provide assistance – Assist workers in accomplishing actions towards the desired results. For example, if you want them to be careful with social networking also provide them with useful tips on how to access alternative sites as well as provide them with best practice instructions.
Multimodal material – Incorporate a variety of tools. You can use newsletters, blogs, posters, games, newsfeeds and even security attack simulations.
The 90-day plan – Most one-year plan that covers one topic each month are not effective because they do not reinforce knowledge and allow feedback. Consider a 90-day program which covers three topics simultaneously and reinforces these topics those 90 days.
Creativity – Try to come up with some out-of-the-box ways to spark interest among employees and managers to buy into the program. Many successful security awareness programs make lasting impression because they were fun and engaging as well as useful.