Communication skills are often not the expertise of information security professionals. Nevertheless, if security organizations are to be effective in motivating employees to change behavior, they must expand their skill sets to include communication. The most successful information security organizations start by listening to what each business unit needs - what their problems are, what their strategy is, and what their future direction involves.
LastWord Steer employees to safe practices threat of malicious activity. Just as honest communica- Motivating employees to However, the most secure tion is an essential compo- practice safe computing is companies are also focusing nent of motivation, so is data. most often accomplished their security efforts toward Many security organizations when these individuals the employees and others have used fear as a tactic to understand the potential who may unintentionally put motivate individuals. While impact on them of poor data at risk. fear may motivate for an security habits, as well as safe But changing behavior instance, it almost always has computing practices. requires communication that a negative impact over time, A growing number of is open, honest and based on and may ultimately destroy consumers and businesses A highly data rather than fear. It also the organization’s credibility. have already experienced motivated requires dialogue that enables Using facts from reputable a serious data breach. But employees to understand how sources to help justify secu- these devastating events can workforce creates security – or the lack of it – rity activities and recommen- be leveraged to make secu- a protection impacts them personally. dations is very effective in rity a pressing and personal Communication skills are driving behavioral changes. concern for employees and system, says often not the expertise of These sources might include others. As individuals begin Justin Somaini. information security pro- appropriate metrics from to perceive security practices fessionals. Nevertheless, if data generated by internal or as an essential tool that could security organizations are customer sensors. They might protect their own interests, as T he last 15 years have to be effective in motivating also include reports on laptop well as their company’s assets, brought a lifetime of employees to change behav- losses. By providing such they are more likely to take changes in information ior, they must expand their metrics, employees begin to necessary steps to keep their security. The protection of skill sets to include com- understand that it is not fear information safe. information has never been munication. The most suc- or
Pages to are hidden for
"Steer employees to safe practices"Please download to view full document