The document discusses the importance of employee security awareness programs. It notes that many security breaches are caused by employees, either intentionally or unintentionally. It recommends that companies strengthen security systems, establish formal security practices, and invest in security awareness programs to educate employees on security policies and their responsibilities. Such programs should involve clear communication of security expectations, flexibility to change over time, and metrics to measure the program's effectiveness at changing employee behavior.

1. Employee Security Awareness Program!
A section of security breaches are caused by employees, whether accidentally or deliberately. Security
breaches would tantamount to:
• Theft of data and confidential information such as financial figures, tender amounts, etc.
• Opening infected emails and unknown attachments from unheard senders.
• Leaving workstations on at the end of the day.
• Disclosing passwords to peers, family and friends.
• Installing unauthorized software for personal use.
• Lack of virus software updates.
• Using internet resources for personal use.
• Improper use of laptops or other devices, leading to loss of proprietary information.
To prevent security breaches of any kind, organizations should strengthen and solidify all their security
systems and technologies, establish formal practices and invest in security awareness programs. This
program is aimed at making employees understand and feel responsible for security of the Company’s
assets and the consequences in case these assets are compromised.
Listed here are simple strategies from industry experts:
• The Company should discuss its expectations from employees. Awareness implies bringing
about a change in employee behavior. Describe what constitutes a security breach, how to report a
breach or incident, organize learning sessions and have all security-related rules and regulations
posted on the Company’s intranet for reading.
• Organizations should do their groundwork. Before choosing a security awareness program,
they should know who has access to what and who needs to access what. Knowing this is essential
as the dynamics of the program changes with the needs of organization. Security measures at a
leading investment bank would be different from those implemented by a construction company.
• Keep the security program flexible. What is good today may be outdated tomorrow. Introduce
new technologies, change business models, introduce new objectives, etc.
• Expect results, not miracles. Spiteful employees will hinder the understanding and
implementation of a Company’s security program. Make employees aware of the to-be-followed
repercussions for security breaches.
• It is vital for the top management to be involved with the security awareness program.
Without visible executive leadership supporting the program, employees will take it easy and break
the rules.
• Simplify your communication lines. The program’s success depends on how effective the lines
of communication are between employees and top management. Send out a monthly or bi-monthly
newsletter updating employees of the existing and future security initiatives. Set up an e-mail id or
special telephone line for employees to report security breaches or accidents.
• Explain each aspect of the program in detail. Curiosity may prompt employees to try out the
various features of the program. Verbally explain that pushing the blue button may lead to system
shutdown, while pulling the chain rings an alarm.
No.30, II Floor, Sarvasukhi Colony, West Marredpally, Secunderabad – 500 026 INDIA
Telephone: 0091–40–27803080 & Fax: 0091–40–27716308
URL: http://www.commlabindia.com Email: info@commlabindia.com

2. • Make sure that each employee is updated on the program. Lack of knowledge can pave
theway for expensive lawsuits and the like. Keeping each employee on the same page is the key to
a successful implementation of the security awareness program.
• Measure the effectiveness of the program by organizing security quizzes, tests, etc. To
know whether your employees read security-related documents posted on the intranet, use the
stats counter to know the number of times an employee reads those documents. Offer rewards to
employees for improving their security behavior. Announce the winners’ names through
newsletters or e-mails, compare their before and after training progress, etc.
• Mention employees’ role clearly for them to understand each security policy. If employees
understand their importance in keeping the Company’s data and information secure, they will alter
their behavior and think twice before divulging any confidential details.
To put it simply: For successful implementation of a security awareness program, employees at every
level need to understand basic securities policies as well as their responsibilities.
Do share your thoughts on the same.
To read more such articles, visit http://blog.commlabindia.com/
No.30, II Floor, Sarvasukhi Colony, West Marredpally, Secunderabad – 500 026 INDIA
Telephone: 0091–40–27803080 & Fax: 0091–40–27716308
URL: http://www.commlabindia.com Email: info@commlabindia.com