We need to upgrade our company security awareness training and we do not know where to start

The best place to start with the introduction of corporate security measures, is at the top. Once management has received adequate training and is seen to be implementing security measures, it will be easier to influence the staff at ground level.

In-house training is a relatively simple procedure. Supervisors and floor managers could be tasked with training the employees in their section. Employees need to be taken through a step-by-step security awareness training program to ensure the long-term stability of the company.

Training could begin with short workshops of an hour in duration set up to take place once every two weeks. Employee participation is vital to ensure that lessons learned and important areas regarding security are seen to be the responsibility of all staff. Clearly, employees first need to brainstorm and discover why information security and the protection of assets are so important.

Once the importance of security awareness and an understanding of the need to prevent security breaches have been understood, supervisors could then move as to how to do this. Staff members need to understand the vital role they play in the overall security of the company. Once the basics have been covered, higher-level staff could be offered more advanced training.

As with any training or risk management procedure, staff members need to understand the consequences should they disregard or breach the company procedures. Staff, during the course of their training, could be asked to suggest suitable disciplinary procedures to be employed. Management might find that staff members are even more ruthless than management might be in suggesting consequences for breaches of the security policy.

As with any policy developed from the ground up as it were, staff should sign an agreement to abide by the procedures contained within the policy. In this way, employees will feel bound to follow the procedures that they themselves have helped to draw up. Once staff “own” a policy, they are more likely to comply with it.

Management would do well however, to stay abreast of developments in the world of cyber crime and inform staff when new dangers or threats arise. When new security software is purchased, all staff should be trained in the use and application of the software. It is also advisable not to rely too heavily on the expertise of a single computer operator within the company. Management should ensure that there is always an understudy being trained in the event of a key employee moving out of the company. With the loss of an important role player, no working hours should be lost while a new person undergoes training.

Emphasize the basics when conducting security awareness training and staff compliance will follow. Training should always be relevant to the trainee, as well as being understandable and easy to put into practice. Make sure that the procedures to be followed are incorporated into the employees’ daily work schedules and job descriptions. Once awareness has become a habit, compliance is guaranteed.

Start training your staff today to avoid security breaches.