In the days that i need to go to the company where i work here in Sao Paulo i need to take the subway. If am not with my comic books, books or mangas, i always distract myself with all the communications ways spreaded in the station. They are sound warnings, TVs publications, informatives...
These days thinking with myself that what they do is exactly what we security professionals should do with all the company’s employees and/or service providers where we work.
When we talk about information security awareness usually we face some challenges:
Teach the veterans, new tricks – not always security is integrated within the business processes since the beginning, so in months, weeks and years they develop bad habits.
Security is a IT problem, not mine – many employees and service providers has the perception that information security is a responsability from IT/IS department not theirs.
Not explain why – if we don’t explain the reason why they have to change their actions to preserve information security, they are not going to give attention to the subject.
Therefore, the same way the subway do, regulary we should diverse to awareness them about information security. Whether through presentations, training, images, vÃdeos, gamification...
=)