Savvy business owners know that their employees can be their greatest strength and greatest weakness when it comes to information security. The difference between having employees who are security assets and employees who are security vulnerabilities comes down to one thing: training. Below, we’ll go over four ways to get your employees excited about and engaged in information security training.
- Be a role model
Another way to say this is to practice what you preach. Information security practices are a top-down process. Do you have a content filtering system in place designed to prevent employees from accessing malicious sites? Have you asked your IT department to bypass it? Practicing what you preach and abiding by the same rules you’ve set for your employees goes a long way towards engendering information security practices in your organization.
- Get them involved early
Explain to your employees what you’re trying to accomplish and why. Get your employees involved and engaged in information security training early on. What areas are they unclear on? Are there areas that they need more information on? What recurring problems have they had with their computers? Engaging your employees early in the security practices that they will need to implement on a daily basis will improve their buy-in on the entire process.
- Make it relevant
We’ve all been forced to watch training videos on VHS produced in the late 80s with celebrities somewhere on the E or F list that desperately want to discuss proper safety procedures. Making certain that information security procedures are understandable and relatable to the tasks your employees perform allows them to connect policy and procedure with their daily task list. Are your employees expecting shipping information from UPS on a regular basis? Train them to take a look at the URL in the body of the tracking email they receive and make certain that it points at ups.com. Do your employees deal with a particular bank on a regular basis? Make sure they understand that bank’s policy regarding the release of email and password information: reputable banks will NEVER ask for this information via email or the phone.
- Expect (and track) improvement
This final area is one where your IT department can be of great assistance. Many large corporations run tests for phishing scams on a regular basis. This allows your company to track how well your employees are responding to the information security training they’ve received. Inspect what you expect; don’t simply dump a wealth of training information on your employees and expect them to be completely comfortable with new information security procedures.
Remember that your employees don’t have to be a liability when it comes to information security—they can be your first and best line of defense. Regardless of their skill level and level of comfort with computers, your employees can become an information security asset to your business—with the proper training.