I'm excited that more and more organizations understand that cyber security is no longer just about technology, but about people. To have an effective security program, you also have to effectively manage your human risk. And to manage your human risk, you need an effective awareness program. But it also amazes me how people overcomplicate this. Here are the three tenets on how to effectively build secure behaviors into your organization. Keep these points in mind and your awareness program will not only have a huge impact, but be a big hit with your workforce.
- Thou must stop telling people what not to do. Instead, just tell people what they should do.
- Enable them to do it, i.e. don't just teach the importance of unique passwords, teach password managers. Make security simple.
- Motivate and engage people on their own terms. Don't focus on how awareness benefits your organization, focus on how it protects people at home and in their personal lives.
What commandments do you feel are missing? What would you add or change? Want to learn more about building mature awareness programs? Join us for the two-day MGT433 course or the EU Security Awareness Summit this 6/7 December in London.