The human element is one of the most critical aspects of any security program, yet it’s often the most neglected. Many security leaders prioritise other projects and see little value in the efforts they do commit to training and awareness, following a “compliance is enough” attitude. However, this is the problem: Awareness initiatives are sporadic, with materials that reflect the minimal, uninspired investment in compliance focused activities. Meanwhile, security technologies that are critical to protecting environments are often rendered useless due to easily avoidable human factors.
We can provide answers to the following questions:
- Is my security awareness program designed to be effective?
- What can I do to change the behaviour of my people and make them more aware of and follow good security practice?
- How can I improve my security awareness program and make it more effective?
- Have I based my security awareness activities on techniques that are proven to change behaviour?