Security Awareness for Everyone
Often people are seen as the weakest link in information security. Changing people in order to behave safe and secure, requires specific expertise. Moreover, in addressing security for and to your employees you have to consider that secure behaviour is the result of not only knowledge but also personal and organisational factors.
Secura combined psychology and security expertise to address behavioural change regarding information security in Secura’s SAFE program.
The SAFE program of Secura distinguishes itself from traditional awareness approaches because it is:
- designed by psychologists and information security specialists (joint expertise on human behaviour and information security)
- focuses on achieving behavioural change (beyond awareness)
- addresses knowledge, personal factors ánd organisational factors (more than education by also addressing factors such as organisational culture and personal motivation)
- tailored to the nature and risks of an organisation (not ‘one size fits all’)
- based on repetition (not a ‘one-time-check-in-the-box activity’)
Traditionally, human-focused campaigns in information security (often called as cyber-security) have the goal of increasing awareness. No doubt, a basic minimum knowledge level is crucial in information security. Evidence shows however, that there is a gap between awareness and behaviour. In other words, knowing what you should do, does not necessarily lead to the desired behaviour.
Secura’s SAFE program focusses on achieving behavioural change. Of course, making everybody aware of potential risks and subsequent desired behaviours is a prerequisite for secure behaviour. However, an organisation in which every single employee knows the risks and how he is expected to behave, does not guarantee safe behaviour. Instead, to guarantee a secure organisation, its employees should behave securely.
In Secura’s view, behaviour consists of three factors:
Psychology teaches us that an information security program for employees will only be effective as long as each of these factors is addressed. This is the basic idea of SAFE and this holistic view helps organisations by providing continuous focus on information security.
SAFE consists of assessment and education. The program employs social engineering, phishing, employee surveys, road shows, demos, classroom training, eLearning and other elements in a tailored and effective approach.
Are you ready to be SAFE?
Contact our team at +31 (0)88 888 31 00 or email firstname.lastname@example.org, to learn more about SAFE and find out how we can tailor the program to your organization.