cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

How to get your employees to help (with security)

I read a really interesting story from NPR about getting your kids to do chores.  As a grandfather, I know this to be true.  (When the grandkids came over, some of the big activities we laid on for them were things like taking the garbage out, and shopping.)  Believe me, if you think it takes too much work (now) to teach the kids to do chores, or clean up after them when they aren't perfect, you will definitely regret it (later).  (Yeah, shopping took twice as long, because, instead of going through the store in sequence and picking up what was on the list on that aisle, we had to go sequentially through the list, running back and forth across the store to where the items were.  So what.  We were spending time with the grandkids, not hurrying to something else.)

Apply the same principle to the employees in your company.  Yeah, you're the professional, and know more about it than they do.  But you're busy.  You can't do everything.  If someone else gets keen on it, and wants to do some security awareness, let them.  If someone else is willing to police "abandoned but unlocked" workstations in their area, let them.  You have to keep an eye on such projects, and it may cost you some time now, but they'll get better at it.  They'll learn more.  And eventually everyone will feel better about security.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
sjstore2
Reader II

Policing of unlocked workstations is a big company wide thing where I work.

If your machine is left unlocked there will be a message going out very quickly to the rest of your team letting them know you are bringing donuts in the next day.

While playful, it reinforces a serious message about locking workstations. The person who have sjust been "donutted" is less likely to leave their workstation unlocked and everyone else is on heightened awareness to lock their workstations.

Plus, everyone gets donuts!
denbesten
Community Champion


@sjstore2 wrote:
If your machine is left unlocked there will be a message going out very quickly to the rest of your team letting them know you are bringing donuts in the next day.


How quaint.  My company uses group policy and/or MDM software to enforce a uniform idle lock timer.  No notes, no donuts and sadly, we can not select our own screen savers, but we do have uniform protection that easily passes audits.