Do your employees read information security and acceptable use policy revisions like they were the next Harry Potter? Or do you have a sneaking suspicion that your hard work may be going unread or being instantly forgotten? Achieving sign-off on information security policies and AUPs can be problematic enough for CISOs. However, making sure those amendments are put into practice immediately by an entire organisation of time-poor and information-overloaded employees is the real headache. Let’s take mobile devices as an example. Most organisations I come into contact with nowadays are fully embracing the mobile device revolution. Those that traditionally only supported one mobile phone platform now support multiple platforms. Those that had a blanket ban on tablets are now capitalising on their agility benefits. Symantec’s 2012 State of Mobility Report makes interesting reading about this growing trend. Information security policies and AUPs are continually evolving documents. Unfortunately, organisations that have spent a great deal of time and resource building an effective employee information security mindset can sometimes fail to evolve that mindset in line with policy amendments. I use mobile devices as an example because many organisations are currently implementing huge policy changes to address the extreme risks they pose. The point is this: every evolution of policy must go hand in hand with an evolution in employee mindset. The two are intrinsically connected. Therefore, using the same awareness campaign branding to align with the distinct category of instructions relating to information security, the new messages must be communicated in compelling, fun and memorable ways that gently amend what has already been learned. In effect, we ‘overwrite’ what was previously communicated in a manner that neither confuses employees nor irritates them about any perceived changes in direction. Keith Ducatel Director, Article 10 Security Engagement and Awareness
Related Articles -
informaton sercurity, evolution, organisations,
|