TechTarget

Security must be engaging, relevant and ongoing, says The Security Company

Security policies are worthless unless employees see security as a priority, according to consulting firm

Security policies are worthless unless employees see security as a priority, according to consulting firm The Security Company.

Security is often regarded as something negative that stops people from doing their job, Bernadette Palmer, communications specialist at The Security Company, told the first annual Human Factors in Information Security Conference in London.

Success depends on employees understanding what the business wants to achieve, why that is important, and how they can contribute, she said.

Security needs to be engaging, relevant and ongoing. It should also have the full support of senior management, Palmer said. "Without senior management support, security will neither be taken seriously within the organisation nor receive the necessary air time in communication channels."

One of the most effective ways to make security engaging is for businesses to answer the employees' question: What's in it for me?

Organisations could, for example, invite staff to share personal stories of being victim to identity theft and award prizes for the best submissions, said Palmer.

"HMRC conducted a very successful programme like this and published the winning stories in an internal magazine, alongside a best practice guide on how to prevent identity theft," she said.

"It is always important to measure the effectiveness of these campaigns to see what progress has been made by conducting security perception surveys before and after."

Palmer said another useful measure is to look at the number of security incidents reported in the organisation. These will typically increase to indicate a growing security awareness among employees.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close