Security News > 2020 > November > Changing Employee Security Behavior Takes More Than Simple Awareness

Security awareness rarely leads to sustained behavior change on its own, according to a recent analysis - meaning that organizations need to proactively develop a robust "Human-centered" security program to reduce the number of security incidents associated with poor security behavior.

According to the Information Security Forum, the information security industry is playing catch-up when it comes to positively influencing behavior - the proliferation of remote-working arrangements, exacerbated by the stress associated with the pandemic, has underlined the importance of strengthening the human elements of security.

Delivering impactful security education, training, and awareness.

"A human-centered security program helps organizations to understand their people and carefully craft initiatives that are targeted at behavior change, reducing the number of security incidents related to human error and negligence."

"I frequently talk to very talented training and awareness professionals that would like to push the envelope and do something creative that gets people's attention, and their good ideas get shot down or watered down to the point of no longer being engaging. I know of one large company that wanted to move from one hour once a year training, to shorter trainings over the course of the year. This is considered the norm for any mature security awareness program, but even that was shot down by corporate administrative functions that have no responsibility for securing the organization. If the security team is responsible and accountable, we also have to be empowered to run the program."

News URL

https://threatpost.com/changing-employee-security-behavior-awareness/161607/