We reached back through the archives this week to a piece from 2016 on the role of people in avoiding security risks. You can read the article here.
Security technology has improved significantly over the past few years, but most organizations have lagged when facing what is likely their biggest vulnerability - people. Regardless of the many policies and procedures we produce, it’s often an individual’s behavior that makes the difference between avoiding a security risk, such as a social engineering attack, and becoming the victim of one.
And human behaviour is not something that can be changed easily. There are three crucial principles to keep in mind when designing behavioral interventions in your organization.
Get their Attention: First you need to make sure you’re actually getting people's attention, which is difficult in this era of overwhelming internal communications and demands on employees’ time.
Make it Relatable: Second, you have to give people a reason to listen to you by convincing them that whatever is on your agenda (such as avoiding a cyber-attack) is directly and immediately important to them.
Keep it Simple: Third, you need to introduce simple, easy-to-remember and easy-to-use tools that will help them avoid threats, and decrease the overall likelihood of threats occurring.
Want more security risk management knowledge straight to your inbox? Sign up for our newsletter here