In a digitally secure organization, employees are aware of their behavior.
Read the tips here!
A digitally secure organization in which employees are aware of their behavior. And where colleagues dare to voice their opinions, challenge and inspire each other to work more safely. This is what every CISO, PO and FG strives for. Logical, at a time when municipalities and other organizations want to make the most of digital opportunities and provide optimal service. Strong digital intuition from employees is essential in this regard.
We offer tips for increasing employees’ digital intuition to make the organization digitally secure.
TIP 1: Realize that data is the foundation of any behavior change approach
To measure is to know. And awareness activities are especially not about measuring attendance or participation in a training, e-learning or serious game. Also, the primary concern is not whether knowledge has improved or whether colleagues are more or less aware. What matters is whether the trainee-usually a colleague-has started working more safely and knows what behaviors still need to be improved.
Without this data, it is impossible for CISOs, FGs and POs to make targeted reports on employee awareness and improve behavior. To achieve a data-driven approach, we at Brooklyn Partners work with the Cyber Barometer. Thus, we determine the awareness program based on input from all employees.
“Is mandating Awareness a bad idea? Yes, initially it is!”
TIP 2: Choose learning based on intrinsic motivation
Is anyone more open to learning if they have to or if they feel like it? According to psychologists, we are more open to learning when we like something or have a positive approach. The same applies to the topic of awareness. If we give all trainees the opportunity to learn at their convenience and in a way they want, then the organization is more likely to evolve into a digitally secure organization.
What also works well is stating the importance of learning. People just like to contribute to something. For example, municipal officials enjoy helping the residents of their communities and are more incentivized when they learn about information security and privacy if doing so protects their citizens’ data. So that importance must be clearly communicated.
So is mandating awareness a bad idea? Yes, initially yes, unless you find out after providing many training opportunities that a group is far behind in desired awareness behaviors. If so, a personal invitation to training is in order.
TIP 3: Make interventions relevant based on learning objectives
Has your organizations awareness strategy mapped out different personas (a very detailed description of a user of your awareness services) with their individual learning objectives? To get there, first analyze what risks your organization has. Do that easily with our Awareness Risk Assessment.
Also analyze the extent to which the desired awareness behavior has been developed. Next, determine the learning objectives. Then it is easy to tailor any awareness activities such as e-learnings, serious games or ambassador training to the target audience. Consider appropriate topics, level, language, energy, etc.
To arrive at an awareness activity, use the Awareness Activity Canvas we developed. It is a great tool to develop an awareness activity and share the idea in an easy way.
Working together?
Ask us about the solutions and activities we have already developed. Or check out our free Co-creation solutions. If you want to secure digital security in the organization in a more sustainable way, choose our Approach 100% Aware.
TIP 4: Engage key stakeholders to drive and secure behavior
Merely providing more knowledge through an e-learning is not going to improve the privacy and security behavior of your employees. Securing the behavior requires a culture of motivating and helping each other.
Tips for culture change are:
- Let the board express that awareness is important and why. Thus, awareness and more important position in the organization. The Escaperoom can help with that.
- We are more likely to accept feedback from a close friend or colleague, rather than from our manager. Therefore, train internal ambassadors so that people can help each other in the workplace in a low-threshold way.
- Engage executives regularly and give them input to put awareness on the agenda of periodic team meetings. Should you suspect that executives are not working with their teams on awareness, organize a session in which all executives sign a “letter of intent. At that point they often express their frustrations and you can once again have the board express the importance.