Merely having a security policy that outlines acceptable and expected employee behaviour doesn’t seem to be enough to inspire employee security behaviour changes, regardless of how big or small the enterprise is. Over time, it has been proven that a human-centred system and approach is needed where staff members are kept accountable for their security behaviour and consistently reminded to adjust their poor or risky habits.
Going into 2021 after a year laden with unplanned remote working and heaps of pandemic related stress, it has become apparent that employee security behaviour needs cross-departmental collaboration in order for real change to take effect and real security measures to be relied on.
4 areas affecting positive employee security behaviour changes
In order to positively influence human behaviour, there are 4 areas that the experts and in-house IT leaders need to take a look at and focus on. These are:
- A deeper understanding
In order for IT professionals to influence an employee’s security choices and habits, they need to have a deeper understanding of what factors influence and lead to their behaviours in the first place.
- Continued training and awareness campaigns
Education is imperative when it comes to security behaviour within a business. Staff members must be trained and continuously reminded about their role in ensuring the security of the company’s data.
- Creating systems that take human behaviour into account
Security systems and processes need to take human behaviour into account when they are developed. These systems need to keep staff members engaged and accountable for their behaviour.
- Accurate measurement of behaviour change
Simply setting a system in place is not enough. Businesses need to measure how effective the systems have been and just how positively they have influenced behaviour change. The data must then be used to improve on these systems and promote efforts that actually seem to be working.
working towards systems that focus on human error
Human error and negligence have lead to some of the world’s biggest data breaches and losses. In order for a business to safeguard against this, it should be a case of security first, then business. Programs must be developed to better understand the actions and choices of the employees and then work with this to create security systems that keep people accountable.
By studying existing systems, professionals have noticed that companies fail for various reasons. For starters, many companies choose to do nothing simply because they cannot have the perfect system. Having some line of defence is better than having none what so ever. Another area where companies fail is that they assume staff members are reading the security updates and system policies that are sent to them. This is not the case and often security-related information is pushed aside or overlooked. Companies also fail in their presentation of security alerts and updates. New data is often updated in boring documents that don’t grab the attention or engage staff members.
last word
In order to create a system that relates to your staff members as humans and gets them to respond accordingly, rethink your security approach, especially when it comes to training and creating awareness. Create a security system that takes the behaviour and choices of humans into consideration. Then consider making it more upbeat, interesting, and fun for your teams and you may find that their response to your employee security behaviour change recommendations is equally positive and more consistent.