    Seven-Step Security Awareness Action Plan

    Unless IT security is a core element of someone’s job, it is not necessarily considered one of their ongoing development needs. All too often, employees get just an initial presentation from the IT department when they start and are expected to remember it, keep up to speed with changes, and adhere to ever-changing IT security policies and procedures.

    Without an ongoing, systematic and proactive user awareness program, a strong security posture is in jeopardy. There is no cure for stupidity or genuine human error, but you can educate your workforce to help them make the right decisions and avoid unnecessary mistakes. What are you doing to make sure your workforce is security aware?

    This slideshow features a seven-step security awareness action plan, identified by Dominic Saunders, senior vice president of the NETconsent business unit at Cryptzone, to help ensure employees are on board and up to speed on company security policies.

    Rewrite your IT security policies and procedures. Use language that will actually be understood, and not just impress an auditor. Spell out the risks the organization faces for non-compliance.

    Consider changing the way you introduce security as part of the induction process. Smaller, more manageable documents are easier not only for the recipient to grasp, but also for the organization to review and update. In addition, by drip feeding the information, people are more likely to find time to read it and build a deeper awareness of security issues whilst reinforcing elementary security fundamentals.

    Review and update processes regularly; that includes regularly reminding your colleagues. Just because John in accounts had a security briefing when he joined the company 10 years ago doesn’t mean he knows what the risks are today. Educate staff, regularly, to make sure they still understand what’s expected of them, especially when things change.

    Consider using an automated system to deliver policies and associated documentation directly to employees at their workstations. This makes the whole process manageable for you both.

    Introduce testing, either for all or a portion of users. This will help to identify where policies aren’t understood so they can be rewritten to make sure everyone knows what they are doing and, as importantly, why. You’ll also be able to identify weaknesses and therefore focus training energies to the necessary areas.

    Get your employees to sign up to key policies so you know that they’re on board. As part of the process, include the consequences if they break the rules. That said, make sure that they understand that genuine errors are expected and should be reported, not ignored or covered up.

    If people see policies being enforced consistently at all levels within an organization, and where appropriate disciplinary action is taken against those who willfully neglect corporate rules, they are more likely to take notice of security information. When employees realize the circumstances and the consequences of security policy violations for them as well as for the organization, it nudges them to choose the right course of action, and perhaps be more prepared to encourage others to conform to standards of behavior within the acceptable governance framework.
