It is now well recognised that employees themselves are one of the weakest links in the information security chain. Despite widespread corporate awareness campaigns, many employees continue to open attachments from unknown senders, download apps from outside the official app stores, access the internet through unsecured connections, or click on suspect links on social media sites. So, what is going wrong and what can you do to address this challenge?
Changing Employee Behaviour is a Must
Our experience of delivering programmes over a number of years shows that targeting and influencing employee behaviour can deliver many opportunities and benefits for your organisation. It is evident that the primary goal of information security campaigns must be to influence the adoption of secure behaviours. Instead of simply making people aware of their security responsibilities, and how they should respond, your organisation needs to embed positive security behaviours in the organisational culture and ensure employees are recognised for their role in safeguarding valuable corporate data and information.
Need for Enhanced Training Approaches
Of course, achieving behaviour change is not easy and Information Security Officers need practical and effective tools to address the issue. Training interventions certainly are an important part of the toolkit, but that training needs to be done correctly, which means:
- Providing training in small, digestible units
- Following up with testing and reinforcement frequently
- Creating a corporate culture of security by engaging employees at all levels
The training also needs to reward the trainee and offer ongoing recognition of their knowledge and demonstrated performance in respect of information security practices.
Information Security Pass™ Programme
When it comes to protecting an organisation from threats and breaches caused by its own employees, the need to shift away from awareness training towards tangible behavioural changes has never been greater. The Information Security Pass™ Programme, developed with the support of Skillnets and the Department of Education, was designed specifically to respond to this critical need in a consistent and sustainable manner.
The key aspects of the programme include:
- Flexible and accessible online learning available on-demand
- Easily digestible bite-sized content on key Information Security topics
- Additional “on the spot” training can be provided to employees following simulated phishing attacks or other security testing interventions
- Employees receive a portable Information Security “passport” that rewards them on an ongoing basis for demonstrating responsible information security behaviours
- Fully independently managed and delivered service