Building a successful security awareness program
We all should know, even millennials, the old WWII adage Loose Lips Sink Ships or various derivatives of it. This is as true now as it was 60 & 70 years ago. But it’s all about keeping company information & employees safe & secure. Even when they don’t want to admit it to anyone.
In the past, it was generally accepted by most businesses that you could put a security ‘guard’ on duty and that’s all you needed to do, except lock the doors and turn off the lights… That’s it, it’s all you need. Right? 20, 30, and more years ago, yes, it was all you needed, but now…
The primary purpose of security awareness is to change/inform behavior and improve the culture at the company. Additionally, the ‘secondary’ purpose is to protect both company assets/property & the employees who make it go. Of course they don’t necessarily believe that.
Many employees interpret security as a hindrance to their work efforts. In a union environment there is something called ‘strike memories’. That’s where the union leadership and most union members see security as an extension of management and therefore an adversary and not help or protection, even if it is just a plain old rent-a-cop.
So building an awareness program to convince employees that security can help to further work efforts, and not hinder, and protect their lives, and jobs as well, is of paramount importance to the company. But when financial resources are tight, how can you do this and not bore them or have them remember any of it?
It is unfortunate, but it’s rare for a company to actually implement a program that intends to actively engage the employee with the sole purpose of striving for a better security culture. Part of this is the adversarial nature of many companies as well as the fact that the employees feel that it’s the company’s responsibility to protect them and they shouldn’t have to do anything to help.
I’m hoping to build you an outline, a guideline if you will, to try to help you to design and implement an awareness program. Am I positive that this will work? Absolutely not! For some companies, who follow through to the end, it will work. For some, either management or employees, or both, will not have enough buy-in to have it succeed. And if that occurs, you have bigger issues than implementing a security awareness or other similar programs.
I will start the process here and finish it with 2 more posts. It’s not hard or complicated to either understand or implement. However, where it may become complicated is in the actual details of several key components of the program, and that’s something I can’t do much about. So with that said, let’s get started with attempting to outline what’s needed;
Setting the stage:
This is possibly the most complicated and most difficult step in the entire process. Because this starts before finding someone to deliver the presentations and put up posters, show videos, or anything else. But it is by far the most important. The employees have to trust you and management.
By management I mean all employee leads, supervisors, & ass’t supervisors. Then would be the departmental managers and continuing up the line to senior staff in the ‘white collar suite’. Without the trust that must be engendered beforehand you are impotent in trying to convince them to assist with their own safety & security. And sometimes it can get worse with the employees even attempting to sabotage or interrupt security programs.
This goes to the corporate culture and what management puts out. There is an old cliché that says ‘You get back what you put out’. So, if you trust your employees and do what you should to be a good supervisor then they will instinctively trust you and management, hopefully. Check out these past blog posts to learn what these are.
I will reiterate here, and probably several more times as we progress, that if your employees distrust you, for any reason, then they are not likely to either listen or involve themselves in the security awareness program. And many times the excuses that may come out of it are the same as they would be for workplace violence.
In part 2 of this blog we’ll continue with Setting the Stage and begin actually the training and prodding process of moving your employees to assist in your security efforts and making them more aware of the issues.
Robert D. Sollars is a recognized expert on security issues, specifically workplace violence. He’s spent nearly 33 years in the security field. Visit his Facebook page, One is too Many, where you will read about other items related to security & WPV issues. Or be a twitter follower at @robertsollars2.
I May be Blind but my Vision is Crystal Clear