Photo courtesy of http://www.flickr.com/photos/septuagesima/
Educate your employees about information security or all the security tokens in the world won’t save you.
A company may have a decent size security budget and spend it effectively on firewalls and other protection devices but if you fail to educate your end-users all that investment can be for nothing. Hackers, spammers and other evil doers regularly target end-users because it is often the easiest method of attack and is extremely effective. Targeted spam emails and malicious web sites are two of the most common threats but it is important to implement a general awareness campaign that covers a wide range of information security issues from what makes a good password to the importance of physical security. Here are some of the important factors to consider when implementing an information security awareness program.
Be Consistent – Develop a weekly or monthly routine and stick to it. Send out the email on a consistent day so the user will come to expect it and perhaps even look forward to it if you follow the other recommended steps below. Always send it from the same account to minimize the likelihood for confusion which could assist targeted spam attempts.
Keep It Simple – Do not use overly technical language that will confuse or turn off users. Speak in the communications like you would talk in a conversation and
Do I not entertain you? – Try to write in an interesting style and even use humor to keep your users entertained. Entertaining material is more likely to be read and absorbed then stuff that would put an insomniac to sleep.
Provide Examples – Many people learn best from examples and there are plenty of those readily available. Find a recent incident that demonstrates the point you are trying to make and it will make it more real and less theoretical. People listen more when they no others have fallen for a trick and are more likely to absorb the information.
Be relevant – Providing examples that they can use at both work and home is a great way to keep people interested. Examples include safe internet surfing, avoiding spam emails, and the importance of having up to date anti-virus signature files.
Consider Posters – Emails are great but they are often times easily ignored. Utilizing posters in high traffic areas in addition to email is a great way to mix it up and capture the attention of people who otherwise might not care.
Make it a job requirement – Security is only as strong as the weakest link. It is everyone’s responsibility to follow good information security practices and keep the company secure.
In the very near future we will be offering a weekly information security email newsletter so stay tuned and stay secure!