- Reinforce your security message regularly—deliver your security awareness message at regular, frequent intervals; now and then will not cut it. The awareness message needs to be fresh, tailored to your audience, and easy to understand. One way to achieve this is with a security awareness newsletter or blog. At the least, the content should arrive like clockwork every quarter, customized with your company logo and personalized articles—ready to be posted on your intranet or emailed to employees. Examples of security newsletters and blogs include those from Check Point, ZoneAlarm, and SofaWare.
- Keep it current and fun with video—if your security awareness video depicts outdated hairstyles (e.g., mullets, mousse, or hair gel) and talks about "floppies," your message is doomed. Users will pay attention only if you make it timely and fun. Your video should teach awareness basics in key areas through humorous, engaging vignettes, such as two employees facing off in an entertaining "security competition" with a sports theme. Present it in group meetings, or deliver it to the desktop.
- Show users that performance matters—set an expectation of excellence by measuring employee learning. Prove compliance by documenting training for everyone in the company. Implement an interactive computer-based training program, and take your program to a whole new level. It should include quizzes, exercises, scoring, and tracking. Some of today's most effective computer-based training is available from Check Point Education Services.
- Recharge yourself—employees and managers will not believe in your program unless you do. But often, the security specialist works in isolation, with little or no support, making the creative parts of the job even more daunting. Direct contact with other security specialists is an invaluable way to recharge your efforts. The Check Point Community and ZoneAlarm User Forum are two potential settings to discuss your security program and learn best practices.
- Start small, but start—too much of the same old, same old, and your users will quickly start ignoring you. Classic training protocol says that to have a lasting impact on user behavior, you must repeat a lesson seven times in seven different ways. But you can only start with one new thing and build slowly. Even so, one new initiative goes a long way toward grabbing employee mind share.
Five Tips to Increase Security Wisdom During Foolish Times
With April Fools' Day here, the pranks and shenanigans played in offices around the world are usually benevolent in spirit and not irreparably harmful. Online, though, your enterprise faces a menagerie of malicious minions out to do continuing and, if possible, permanent damage to your network and data resources. They will seek to exploit the weakest link in any security apparatus—the human factor. However, certain practices can make for a vital, robust program that will vastly improve your users' awareness of IT security, and they are easier to achieve than you might think. So to mark the most mischievous month of the year, here are five wise tips for a successful security awareness program: