Security Awareness

Security awareness is the cornerstone of any business security program.  The National Institute of Standards and Technology (NIST) describes security awareness as the focus of attention on security.  Without that focus or attention on security, no security program will be complete.  You could have the best alarm system in the world, coupled with the latest video surveillance technology, but if the people in your organization don’t use it, think about it or ignore the equipment, then it will have no value.

If you run or operate your own business it is relatively easy to build security awareness.  You can make sure that your employees get training on security topics and that they understand, or at least have been exposed to, the reasons that security is important.  The trick, of course, is in the details.  How do you train, or better yet, truly engage your employees to focus on security? 

On the other hand, if you don’t run a department or are not in an official leadership position, how do you get your organization to shift some focus to security?  That can be more of a challenge.  You may not be able to conduct any type of training or even update policies or take any other official steps.

There are some common solutions in both of these cases.  In either case, you can lead by example.  In the first scenario, as the company leader, you can dictate that everyone will attend training, but that will not automatically mean everyone will comply.  Ask any manager.  How much effort is spent giving clear direction and timely feedback to get even normal tasks completed in the way needed?  So start living by the same rules you want everyone else to follow.  Lock your office door when you leave.  Don’t leave your computer password on a Post-it note on the monitor.  Keep valuable or proprietary documents stored safely, not left in a briefcase in plain view in an unlocked car.  Overtime, your co-workers and your employees will start to notice.  Most will realize that these are just ‘common sense’ measures that can protect your business and will follow your example.  This can be the first step towards a security aware culture.

If you cannot change training procedures or new employee orientation to include more formal training, you still have options.  Check with your local police department.  Many will have community officers available to come by your office and help assess your risks at no cost.  It won’t be an in-depth security assessment, but it can be a helpful tool to remind your co-workers and your managers about some basic security steps.  And it is not coming from you, it is coming from your neighborhood police officer. 

The same officer or group can also provide some free training.  Many police departments have some really good training sessions on topics like personal safety.  Set up a ‘brown bag’ session at lunch time and invite co-workers to attend.  This can be a great way to start shifting that focus to a secure workplace.  It is also a great chance to build a relationship with your local responders and give them a chance to get to know your business, the building layout and your worries or concerns about crime. 

Another way to improve security awareness is to pass on information related to security risks or crimes in the surrounding area or within your industry in other areas.  When you come across a news story that could be related to your situation, pass it on. 

A word of caution – don’t try to sway everyone with the warning that the sky is falling.  Keep your efforts to create a security awareness program based on a realistic approach for your business.  If you are able to show how some attention on security issues can actually help your business, you will be much more successful in the long run.  Focus on the issues that really do create threats.  For example, if neighboring businesses have had purse snatches during the day from their offices that is a great warning to pass on.  However, treating the plans for your company picnic like the secret recipe for the 11 herbs and spices used by KFC will quickly lose you your credibility.  Remember, if you cry that the sky is falling day after day, eventually, you will be ignored.  Even on the day it does fall.

Security awareness programs really are important for all organizations, whether it is a home business, church office, school or Fortune 500 company.  This is a topic that will be a recurring theme in this blog, from developing formal training programs to helping identify areas that need that focus and have been overlooked.

No comments:

Post a Comment