24 Hour Security Services

Employee security awareness

Posted by Mike Butler on Saturday, October 27, 2018 Under: Guest Security Articles
No one wants to play the bad guy by monitoring every single action that a user makes. However, the unfortunate reality is that a good portion of security breaches are caused by staff members, whether inadvertently or intentionally.

Incidents of both kinds come in a variety of forms: 
  • Theft of credit card or other financial information by unethical employees. 
  • Opening infected e-mail attachments from unknown or untrusted senders. 
  • Forgetting to log off workstations at the end of the day. 
  • Disclosing passwords to coworkers, family, or friends. 
  • Installing unauthorized software on workstation PCs.

Act First, Think Later

It's one thing to foster a corporate culture that embraces security as a core value, but it's quite another to do so at the sacrifice of actual security technology investments. Gartner recommends that before companies even start thinking about implementing a security awareness program, they should: 
  • Solidify and strengthen all enterprise security systems and technologies. 
  • Establish formal practices and support for workers using these systems. 
  • Invest in security awareness only when the two previous steps are complete.

Action Plan

A successful security awareness program is one that compels all employees to take an equal share of the responsibility for the security of company assets. Bear in mind, however, that awareness alone can never replace comprehensive security policies.

1.Define your expectations for the users. Raising awareness ultimately means changing people's behavior. In addition to your existing non-disclosure and technology acceptable use policies, speak with HR to make employee information security responsibilities a condition of employment (strictly on a per case basis, of course). Also: 
-Give precise descriptions of what actually constitutes a security incident. 
-Establish concise instructions for reporting security breaches, events, or incidents. 
-Conduct basic security awareness "lunch and learn" sessions for staff members. 
-Be sure to clearly post all security-related documents on the company's intranet.

2.Make employees the centerpiece of attention. Stress partnerships and people, not technology and policing. Empower them by stating their critical role in information security. For example, avoid statements that say "Do this," or "Don't do that." Instead, use proactive, collaborative wording like "Your role is [...]," or "You can make a difference by [...]." Try to use disciplinary action as a last resort only.

3.Measure the effectiveness of the program. Periodic security quizzes or tests are a good way to promote and measure the program's success among the employee base. Another method is to put a counter on the number of hits on the security documents section of the intranet. Where possible, employ power users within various departments to help you spread the word and make progress checks.

4.Communicate successes. Keep the lines of communication open with employees. Send out updates on existing and future security initiatives, as well as the background or rationale behind such decisions. If possible, set up a graphic security "barometer" on the corporate intranet to display the organization's current security status.

5.Keep the program flexible. What is considered a security best practice today might be obsolete tomorrow. Allow for some elasticity in your program, taking into account such factors as: changing business models and/or objectives; the introduction of new technologies; emerging security threats and/or new viruses; and growth of the network and the user base (i.e. resulting in a greater number of points of vulnerability).

6.Expect realistic results, not miracles. Malicious insiders in particular will remain difficult to stop by implementing a security awareness program, especially if they are determined to hack and burn. It's kind of like the federal government enacting a law that restricts the number of bullets allowed in a gun, and then expecting bank robbers to obey it. Still, simply conveying the repercussions of security breaches to employees will go a long way towards preventing them.

In : Guest Security Articles 

Tags: security services runcorn   



a abroad access advanced advice after agency airport alarm alarms alone american apartment appleton armed armour as assault at attacks authorized aviation bar behaviour best blackpool body bodyguard bodyguards bold border bouncers boys british building burglar business cameras car career casino cctv chauffeur chauffeurs cheshire chester china christmas church cities city cleaning close club commercial companies company computer concert concierge conflict construction consultants contract control copacabana corporate courses cover cpo crime criminal criminals customer customers dangerous daresbury dealing decay devices distribution dock dog dogs door doorman doormen doorstaff drivers driving drunken drunks dubai elderly england entry equipment event executive factory families farm fears female fire for force from funeral gangs garage good grange great greater groups guard guarding guards hardwick haydock healthcare heath hidden higher hiring holiday home homeland hospital hospitality hotel hotels hour hours house houses improving in incident industrial inner intercom intervention interventions is jobs keyholding kits lads largest latchford leigh licenced lights lilford live liverpool locks london lone long loss lymm mafia management managers manchester manned marina maritime merseyside micro-bit mobile motorcycle museum new night nightclub nightclubs north of offenders office officer officers on operatives organised our outdoor park party patrol patrols personal physical planner planning practice premises preventing prevention private problems professional property protecting protection provider providers pub public pubs radios range reception recording rejected removing report reports residential response restaurant retail risk robots runcorn russia russian safe safety salford sankey school security selecting self service services sia signs site skills society spartan special squatters stadium staff starting static stay staying stockton storage stretton supervisor supervisors system systems the tips to trafford training transport travelling two uk vacancies vacant vehicle venetian venue video vip walking walton warehouse warrington watch way wedding west while wide widnes wireless with women women's woolston work worker working workplace world writing york your yourself youth 24
Copyright Spartan 24 Hour Security 2008