Recently @erickolb asked me a great question, how do you train and engage a workforce that has a high-turn over rate? This is a common challenge, especially for industries such as retail where high-turn over or seasonal hires can greatly complicate your program. These are some initial recommendations I would make.
- Start With Your Core: Start your program with and focus on your full time employees and managers (such as headquarters, branch managers, etc), people that are there for the long term. By focusing on your long term people, not only can you leverage them to establish your awareness program, but you can build a secure culture within the core of your organization. This is key.
- The Focus on Turn-Over: Once you have an awareness program established within your core, then you can begin reaching out to your part-time employees, short term hires, or where your turn over is the highest. The reason you want to be sure your core program is established first is alot of your temporary work force will follow the behaviors of their managers. If your organization does not have a secure culture, if your retail or branch office managers do not have secure behaviors, we have no hope of changing behaviors where turnover is the highest.
- Fast & Focused: To effectively communicate to these folks you are going to have to make it fast and focused. They don't have time to learn your entire security policy, they won't be around long enough. Instead you have to do a good risk analysis and focus on the fewest topics that will address the greatest risk, such as card holder protection. We have to deal with the realities they you don't have the time to teach them much.
Ultimately you will probably have two separate awareness programs. A more in-depth, long term program for your core, full-time employee that focuses not on just behavior change but ultimately culture change. These security leaders will be key in demonstrating secure behaviors. Then you have a shorter, more focused program for where your turn-over is the highest, focusing on the key points that address the greatest risks. If you have a security awareness questions or challenge let us know at firstname.lastname@example.org, we would love the chance to try and help!