October is behind us, a big month for national security awareness campaigns across several countries. For many, campaigns like this offer the only security training people get during the entire year. But a campaign-oriented approach like this also has a few limitations. You simply cannot fit all your company’s security training needs into one month. Nor can campaigns be arranged for each and every other month. So, what should you do when October ends?
Some insist otherwise, but any of your colleagues can be a valuable contributor to your company’s security efforts. One example is when you do not have systems, rules or training to cover an unforeseen event, but people improvise to stay both as productive and as secure as possible. Risk-based trade-offs like this happen a lot – although people will not necessarily tell you when they happen – but that’s how business gets done. Another example is when people report incidents (or potential ones), allowing your organisation to improve and become more resilient to cyber-attacks.
A favourite part of my work is talking with other people. There is so much insight to gain from actually getting to know other people, face to face, especially when you work with security and IT and you start listening to what people are actually saying about it.
Anyone can relate to getting an e-mail that seemed a bit suspicious, or to seeing a Facebook campaign that seemed too good to be true. Security is not something special that matters only to a few people. According to a recent online survey of American adults, 39% said they would sacrifice sex for one year if it meant they never had to worry about being hacked.