If you would schedule an event to teach people about Internet Security, and make it optional to attend, only about 5% of your entire office population will show up. And guess what, those 5% are probably the people that need it least.
Here are the six elements of a successful Internet Security Awareness Training Program
- Formulate, and make easily available a written Security Policy. Each employee needs to read the document and sign it as an acknowledgment they understand the policy and will apply it.
- Give all employees a mandatory (online) Security Awareness Course, with a clearly stated deadline. It is highly recommended to explain to them in some detail why this is necessary.
- Make this Security Awareness Course part of the onboarding process of each new employee.
- Keep all employees on their toes with security top of mind, by continued testing. Sending a simulated phishing attack once a week is extremely effective to keep them alert.
- Never publicly identify an employee that fails a simulated attack, let their supervisor or HR take this up privately. Give a quarterly prize for the three employees with the lowest ‘fail-rate’.
- If you use posters, stickers and or screensavers, change the pictures or messages monthly. After a few weeks people simply don’t ‘see’ them anymore. It’s more effective to send them regular ‘Security Hints & Tips’ via email.
Related Pages: Security Awareness Training
