We have learned that the intern had missed the last two security awareness training sessions. The intern perceived this training as having a low priority compared to their other responsibilities, and thought that there would be no new or relevant information relative to their role in the organization.

Assignment Question:

In your responses to your peers, address the following:

1. What would you do differently?

2. What additional recommendations would you have for the solution they provided?

In Case Study Two, we encountered an intern who violated company policy, resulting in a breach of security for our customers. While the employee is new and possibly inexperienced, it’s disappointing to discover that they missed their last two security awareness sessions. The intern expressed that they didn’t consider it a priority in their job duties and were unsure about the availability of updated information. This mindset is not conducive to our goals. It’s my responsibility to provide expertise and foster a security-aware culture for the organization to adopt. Building a culture around safeguarding a company’s assets begins at the highest level.

Upper management, executives, managers, and supervisors must actively promote security in the workplace to instill a security mindset within their teams. Initiatives such as sending out email reminders, conducting security meetings, and providing one-on-one coaching can assist upper leadership in cultivating a security-conscious environment. For instance, Apple’s technical support advisors are reminded daily about various ways they must uphold customer privacy, starting from their new employee orientation. We should establish a similar expectation within our organization.

Consistent and user-friendly online security training should be offered in a visually engaging manner. Moreover, all employees should be required to demonstrate their acknowledgment and understanding of the training. This should be a standard procedure during the early stages of employment. If an employee fails to comply, a disciplinary process should be in place. We need such a process to ensure that we don’t retain employees who willfully disregard the company’s expectations.

Each supervisor should take responsibility for ensuring that their subordinates adhere to these policies. While this may serve as a deterrent to some, it can also foster a proactive security mindset. Implementing ongoing security reminders, regular training updates, acknowledgment of policy expectations, and a clear disciplinary procedure can help transform our organization in Case Study Two into a more secure workplace.


Changes that could be made that would help build a more security-aware culture within the security organization are several.

First, make security training mandatory for all employees, including interns and part-time staff, to ensure universal awareness and accountability. Second, tailor the training material to be role-specific, making it directly relevant to different job functions, thereby increasing engagement. Third, keep the content engaging by using real-life scenarios or interactive methods like gamification to enhance retention. Fourth, maintain an ongoing security dialogue through periodic updates and refreshers. Fifth, involve organizational leadership in these programs to emphasize the importance of cybersecurity from the top down.

They fix the problems in how things are currently done that just let people slack off, like that intern who keeps ditching training sessions. Making training mandatory, relevant, and fun ensures that everyone knows their stuff. And by constantly updating the info, it stays updated in everyone’s minds. When higher-ups get involved, it showcases the paramount significance of cybersecurity for the entire company. So basically, all these steps create an atmosphere where everyone is committed to security. This ends up meaning there are fewer weaknesses and the overall security for the organization gets a big boost.

