The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/984836
15 WWW.ILTANET.ORG BEST PRACTICES Your Recipe for a Delectable Security Awareness Program Relevance When you dice (cut into small cubes of uniform size and shape) foods, each spoonful becomes tastier. Identify the top 10 security awareness topics to be addressed throughout the year. Be flexible: evaluate the direction of your security program quarterly to ensure it is on point, and leave room to address new issues that surface. Because this is a program rather than a project, it is important to circle back to topics when deemed necessary. "Keep it simple, keep it fresh." — Emeril Metrics Forget to set your stove or oven to the proper heat level, and your dish will not cook properly. Let the data tell the story and incorporate quantitative and qualitative measurements along the way. Well-defined metrics drive performance and provide focus. Define success and identify what and when to measure to know when success has been achieved; you will derive the most benefit from metrics if you keep them simple. Remember to get a baseline measurement to help you see the growth. Socializing what success looks like and the milestones achieved keeps a program sizzling hot. This approach allows project teams to determine whether learning is happening, if behavior is changing and if goals are being met. "Take risks and you'll get the payoffs. Learn from your mistakes until you succeed." — Bobby Flay Media Vary the menu. Serve up learning elements that appeal to all the senses. Meatloaf Mondays can either be comforting or boring. Programs that incorporate a mixture of modalities see increased responsiveness and success. For example, an elearning video designed to be consumed as a single-serving for an individual could also be dished up family-style and watched by a practice group in a team meeting. Also, some people are satisfied with a 3-minute executive summary appetizer, while others may need the 10-minute detailed entree. Consider these approaches along with in-person and virtual sessions to liven up your security menu. Marketing Creative and thoughtful plating enhances a dish. Successful programs leverage marketing techniques to serve up content in a palatable way — e.g., posters, commercials, blogs, phishing simulations, newsleers. The right size plate lets food stand out, so have a focal point, and avoid overcrowding the ingredients. Like a side dish, commercials and posters play a supporting role in the meal. Any additional garnishes should be placed purposefully and both complement and enhance the main course. Positive Perspective Remember that a good diet encourages you to eat well rather than spotlight poor choices. Focus on "how to" safe behaviors rather than "do not do" risky behaviors. Zeroing in on what you cannot eat only increases the cravings and feelings of deprivation, so, instead of telling people they cannot connect to Wi-Fi outside the office, teach them how to do it safely. Incentives It is always good to have the sweet treat of dessert to look forward to at the end of the meal. Catch people doing things right and reward them accordingly. Encourage people to report phishing emails, lock their computers and use shredders, then implement a point system or other competitive aspect to the program. This should entice even the finickiest of eaters. Remember that policies, technologies and training without behavioral change will not strengthen your security posture. By blending the right mix of ingredients and adding our special sauce, you will be able to serve up a delectable security awareness program that yields good security behaviors and maximizes your return on investment in information security. P2P "Cooking well doesn't mean cooking fancy." — Julia Child Marinating vs. Blanching: Which Is Better for Adoption? When it comes to people adopting any new program, we can turn to the world of cooking for inspiration. Marinating is the cooking process of soaking foods in a seasoned liquid before cooking, which flavors foods and tenderizes tougher cuts of meat. In blanching, a vegetable or fruit is scalded in boiling water, removed after a brief, timed interval, and plunged into iced water or placed under cold running water to halt the cooking process. Food is blanched to soften or to cook it. Some might view blanching as refreshing, but others would find it shocking. While short bursts of security awareness training can be effective in the moment, the long marinade will allow people to soak up all the flavors you are serving up for lasting results.