Compliance is Cool: Employees Want to Do the Right Thing

Employees are motivated to protect information, thereby helping meet compliance goals. But they need good awareness training to show them how.

When it comes to employee awareness and compliance training, how do you get your employees to do the right thing?
Achieving your employee awareness and compliance goals ultimately comes down to teaching your employees how to do the right thing and then ensuring that they want to do it. Nail these two things, and you stand a good chance of creating the kind of risk-aware corporate culture that not only meets compliance and employee awareness goals, but also makes yours a better company, for both employer and employee.
Developing such a culture may seem like a daunting task, but fortunately there’s spark of hope. We’ve come across an enlightening study by Glenda Rotvold, Ph.D., an Information Systems professor at the University of North Dakota. The study revealed some surprising patterns of compliance behavior in the context of security awareness, privacy awareness, and corporate compliance.

First, the Good News

Employees want to do the right thing! In fact, this intrinsic desire was identified as one of the top three motivators for compliance-related behaviors. The other two drivers were the general sense of employee responsibility for information security and the importance placed on information security and data protection by the organization.

Now the Bad News

While employees may want to do the right thing, they’re not always sure what that is. In fact, more than 40% of those surveyed were not even aware that there are consequences for failing to comply with their organization’s security policies. Equally distressing is the fact that users who are uneducated in the ways of privacy and security awareness are simply unable to recognize the conditions that might precipitate a breach or know when one has occurred.
“It is very possible that incidents may go unreported,” Dr. Rotvold explains, “because users may not understand all the events that could be considered a breach nor clearly understand how and when to report a breach. This can represent a serious concern for organizations, because they cannot take appropriate action until an incident is reported.”

Toward a Solution

There’s an easy fix here. As we’ve said before, organizations must equip their employees with the skills they require to act on their desire to do the right thing.
Changing employee behavior is key. Neglecting the all-important behavior change element misses the whole point of programs designed to improve compliance and increase security and privacy awareness.
Recognizing the human element is the essential difference between initiatives that seek only to check the compliance boxes and those that work to build the right behaviors into the fabric of the organization. Implement an e-Learning program designed with the human element in mind, and everyone wins.

Share this Post