One of the problems inherent in Data Security is that it is likely not to be the main focus of an individual's work (certainly for some it will be, but for most people in an organisation, they will have other primary goals). Yet, at the same time, Data Security Awareness must be maintained and increased at all times.
To promote enthusiasm in individuals to achieve a heightened level of Data Security Awareness, is therefore key. If this is set up as a competition, this is instantly less likely to succeed if the very people who are less enthused about pushing themselves, are likely to resign themselves to not winning such a competition and consequently will not try harder.
So to get the attention of the ones that are not that keen in the first place, why not focus them on extra time off - which, by a similar definition, may appeal to them better.
Do this by informing staff that there will be a series of tests being carried out by some friendly hackers (penetration tests) on an ongoing basis henceforth. Make sure that the purpose of the tests is also clearly explained (ie to discover how specific emails and enquiries are handled and whether this is carried out correctly by each individual).
Then those that pass those tests, get to have an extra half day, or even just 2 hours off. These can be applied, say, to Friday afternoons so that they can get away early for a weekend break. It may not be necessary to make them totally their choice as to when else they can be used - thus keeping some control over the use of these holidays. So if Wednesday mornings are always less busy, make it that people can earn the right of not coming in until 11am on a Wednesday. They can sleep in, or go shopping or do the housework or whatever, but the affect will be optimal for the individual and not overly detrimental to the organisation.
By applying this reward to all persons that pass the penetration testing, this removes the competitive nature and makes this a personal gain choice.
By applying this when it suits the organisation (eg Wednesday morning, in this example, or Friday afternoon) - but leaving the choice of which Wednesday morning or Friday afternoon to the individual, they are empowered by this benefit - rather than being controlled by it.
This will not work for everyone of course, but is is part of your armoury of approaches to address how to enthuse people to take Data Security seriously.
This is one of a series of blogs on how to optimise your Data Security Controls by focusing on individual interests:
|1) Introduction: Introduction to string of blogs on how to encourage individuals to take data security seriously and apply it with enthusiasm
|2) Staff Benefits: How do you appeal to individuals to encourage them to adopt and develop the data security system requirements with enthusiasm.
|3) Business Benefits: The Business benefits of getting good data security controls - as a contrast to the benefits accruing to the individuals involved.
|4) Salary Impact: Some people may be influenced by money and be encouraged to learn more if this is reflected in the reward structure.
|5) Work Reduction: Some individuals react to the idea that they will have less work to do if they set things up well in the first place - it certainly is true for data security.
|6) Bonus Payments: Where money is a key driver, but a change in salary is not possible, maybe a bonus system can be used instead to enthuse people into learning more about data security.
|7) Tailored Training: Some people react well to being offered additional or specialised training - possibly with additional side benefits - whatever it may take to enthuse them to absorb data security awareness.
|8) Choice of Equipment: Some people may choose to improve their working environment and this can be a method to enthuse people about data security too.
|9) Holidays: Some people enjoy time off - and the ability to earn some spare hours may be sufficient to enthuse people about data security enough to earn them.
|10) Moral Compass: Some people are driven more by their moral compass than whether they are paid more money or have time off. These are key people in your organisation as they will help steer the straight and narrow path.
Your feedback and contributions would be welcome to help to hone these ideas for all to benefit from - please contact us via the https://www.securebusinessdata.co.uk/contact or call us on 0345 600 6975.