One of the signs of a privacy and security awareness program that is working is an increase in the reporting of security-related events by the organization’s employees. In fact, it’s one of several good awareness metrics for measuring the effectiveness of a security program. That matters because there are many aspects of an organization’s security posture that cannot be addressed by technology. Certain BYOD behaviors, tailgating, unsecured workspaces, and many other things come to mind. You just can’t put a firewall on everything.
To address these privacy and security challenges, some of the more astute companies are reinforcing their awareness programs with the equivalent of a neighborhood watch, moving security enforcement out into the grassroots of the organization. And it works. When security awareness becomes an organizational habit, people begin to notice things that would otherwise go undetected. When all employees are responsible not only for their own behaviors, but also those of their co-workers, you can be sure that behavioral errors that might compromise the organization’s security will be caught and corrected.
The benefits of such mutual accountability are obvious, but admittedly not so easy to instill. Real behavior change requires a change to the corporate culture. It takes making privacy and security awareness a priority that receives more than lip service. It takes moving beyond the trap of mere compliance. In today’s high-stakes climate of increasingly sophisticated cybercrime, a strong culture of security awareness is simply no longer an option. Ready to learn more? Here’s a great place to start.