The idea here is that recognition of the level of peoples' data security awareness is key to ensuring that both the organisation and the individuals involved will know where they stand.
If there is a periodic test that staff can carry out, then this can become an ongoing process. The positive side is that if the staff get over 90% in the test, then they get salary increase perhaps. If they maintain that level of knowledge, the salary increase is confirmed as permanent. But if they fall below 80% in the next three tests (say) they lose that increase. And if they fall below, say, 50% they acknowledge that they have to go on a further awareness course or have booster training.
The organisation might want to act further and require that anyone falling below (say) 25% is instantly taken off public facing duties and required to undertake further basic and developmental training immediately in data security areas.
The aim here is to reward knowledge and to ensure that this is clearly shown to the individual. Note that it does not cover whether that individual will use that knowledge correctly - so there may be more rules required to cover this aspect as well.
This is a simple concept, but easy to carry out. The cost need not be large and certainly will be more cost effective than allowing people without the correct knowledge continuing in their role with the potential fo causing major damage to the organisation's reputation.
Let us know what you think of this approach - you may agree or disagree - just let us know so that we can adjust our recommendations going forwards. Have you tried this approach before perhaps - what did you find resulted?
The next blog in this series is to appeal to an individual's moral compass for those individuals that are driven less by money and more by doing things for the right reason.
This is one of a series of blogs on how to optimise your Data Security Controls by focusing on individual interests:
|1) Introduction: Introduction to string of blogs on how to encourage individuals to take data security seriously and apply it with enthusiasm|
|2) Staff Benefits: How do you appeal to individuals to encourage them to adopt and develop the data security system requirements with enthusiasm.|
|3) Business Benefits: The Business benefits of getting good data security controls - as a contrast to the benefits accruing to the individuals involved.|
|4) Salary Impact: Some people may be influenced by money and be encouraged to learn more if this is reflected in the reward structure.|
|5) Work Reduction: Some individuals react to the idea that they will have less work to do if they set things up well in the first place - it certainly is true for data security.|
|6) Bonus Payments: Where money is a key driver, but a change in salary is not possible, maybe a bonus system can be used instead to enthuse people into learning more about data security.|
|7) Tailored Training: Some people react well to being offered additional or specialised training - possibly with additional side benefits - whatever it may take to enthuse them to absorb data security awareness.|
|8) Choice of Equipment: Some people may choose to improve their working environment and this can be a method to enthuse people about data security too.|
|9) Holidays: Some people enjoy time off - and the ability to earn some spare hours may be sufficient to enthuse people about data security enough to earn them.|
|10) Moral Compass: Some people are driven more by their moral compass than whether they are paid more money or have time off. These are key people in your organisation as they will help steer the straight and narrow path.|
Your feedback and contributions would be welcome to help to hone these ideas for all to benefit from - please contact us via the https://securebusinessdata.co.uk/contact or call us on 0345 600 6975.