Building a successful security awareness program-part 2

by todaystrainingblog

 

Setting the Stage-Part 2-continued:

Now that you’ve re-evaluated your culture and learned the attitudes that can cause workplace violence (WPV (, and other trust issues within the company, you’re ready for the 2nd step in the process. Picking the right way to present the information. And if part 1 in setting the stage is the most important, then this would be a very close 2nd.

The primary reason that this is a close 2nd is the fact that if it’s not presented correctly and in a way that actually engages your employees then it is a waste of time & financial resources, which is intolerable by everyone. Your employees have to be interested in learning the material and listening to what has to be said.

Will it be a ‘dull plodding’ security manager or will you hire a professional training company, at much expense to deliver it? Preferably you hire an outside consultant to deliver the information and provide the necessary material.

The reasoning behind that is the fact that many employees may not trust the security manager as they are an extension of management. An outside consultant is someone they don’t know but could more easily trust.

In part 1, we discussed the idea that your employees have to trust you in order to buy-in to the idea of security awareness. And going along with that is your management team up to and including the C-suite, where it begins, or ends, because this is where usually all the distrust originates from.

Now covering the way to show and improve your employee’s awareness and hopefully get them to realize how important security really is to both them and the company. And if you can successfully do that, then you’ll have extra eyes assisting your security officers.

There will always be those within the company who will distrust any management directive as hindering and spying on the employees. No matter what you do, there will be the ‘agitators’ who will attempt to disrupt your efforts to secure them and the company. That is their perception and it will probably never change.

 

The training process:

One way to increase security awareness with the employees is with posters. Safety posters have been around for decades and used a number of cartoon characters to get their point across in a humorous way. They have a tendency to lose their luster after a few weeks and their effectiveness.

The problem with posters is that they aren’t rotated enough. The posters stay up for months on end without rotation. Therefore, the only ones who are affected by these are new hires or those who transfer into the facility.

Ideally, they would be rotated on a weekly basis. However, being realistic, unless you have a dedicated individual to do them it can’t reasonably be done.

Another way to train employees is through the monthly or quarterly meetings that you, the security professional, should be conducting. A short 5-minute presentation from either a consultant, officer, security manager, or outside law enforcement can be very effective. Anyone of the security staff can present it as long as they are qualified.

And having a police officer, domestic violence counselor, or someone in a similar background will be listened to, probably better than either a manager or security officer/consultant. And usually these kinds of people can be had for next to nothing for a few hours.

In the past training was conducted in longer full length training in which employees quickly lost interest. It’s not their area of responsibility and therefore it’s all a distraction to them. But in 5 minute bursts…

One of the last things you can do to increase interest in security awareness and have your employees is to show them how it actually affects them when security isn’t ‘tight as a drum’  If it’s in the IT department, then show them the information that can be stolen from your computers and how it could affect their jobs i.e. corporate secrets and plans.

Likewise, with factory floor workers show them what theft and possibly workplace violence can cost them. Crying children, grieving spouses, & totally distraught elderly parents can be a huge factor in their acceptance.

Another of this is demonstrations and role-playing during the meetings. Most WPV incidents are over within 3-4 minutes of their start. Basically this means in the time it takes to conduct the security meeting everyone in the room could be dead or dying.

Use written tests with a reward for filling it out and submitting it. It won’t cost the company that much to offer sandwiches at a local burger joint or a free lunch. You don’t have to grade the test, just see if they get what’s being taught.

Lastly, a simple suggestion box may be helpful. Yes, an old fashioned suggestion box or use a digital alternative. This can be for questions they may be afraid, or embarrassed, to ask in front of their peers. Or to turn in someone for some wrong doing, or suspected, or potential security issue. It just has to be taken with a grain of salt for obvious reasons, especially if there is still a trust issue.

In part 3 we’ll discuss the supervisor/management role in the awareness program. It really is up to them in a lot of respects.

 

Robert D. Sollars is a recognized expert on security issues, specifically workplace violence. He’s spent nearly 33 years in the security field. Visit his Facebook page, One is too Many, where you will read about other items related to security & WPV issues. Or be a twitter follower at @robertsollars2.

                 I May be Blind but my Vision is Crystal Clear