Security Awareness on a Shoestring Budget
Posted by Dave Sherman—PhishLine • Wednesday July 19, 2017
We’ve seen it before—you want to develop a good security awareness program, but your budget is limited. So what are your options? Can you even make a dent in securing your most valuable and most vulnerable assets with a very small budget?
The truth is, even the smallest steps moving forward are better than standing still. Here are a few ideas that might just help your organization kick-start a dedicated security awareness program.
Top of mind, tip of tongue
Security awareness is a lot like marketing, except your audience isn’t interested in the products you have to sell until it’s too late. Come up with a security awareness initiative for your organization.
Think like a marketer. How can you articulate this in a way that employees will remember and embrace? Once you’ve established an approach, make it known. Give it a theme, such as ‘Shields Up!’ that serves as a call to action for every employee to protect the company from phishing attacks and other external threats to information security.
Centralize your information
Once you’ve established a theme, work to incorporate it into existing programs. Place internal procedures for reporting security threats, spam or phishing all in a ‘Shields Up!’ tab on your company intranet.
Publish a monthly internal newsletter entitled ‘Shields Up!’ that features blogs on security topics. Are there any new campaigns being pushed out by your internal communication department? If so, see if you can integrate your ‘Shields Up!’ messaging to materials that are prominently displayed in high traffic areas, like posters in lunch areas.
Engage your employees
Behavior change should be the goal you are striving for in any awareness program. Whether it is coaching employees on spotting phishing emails and reporting them, or reminding employees in shared office spaces to lock their workstations, we all have room to be more secure.
When issues such as these are addressed in the moment, you can guarantee that a behavior change is almost inevitable. Empower your managers to identify and praise healthy security practices and offer ways to coach employees who are not as savvy. Reward employees who lead by example with ‘Shields Up!’ T-shirts that are inexpensively produced.
In the end, organizations are only as secure as our employees. No matter the budget, there are always creative ways to work towards a more secure workplace.