It’s OK to be the one who says, “Security first.”
In a past workplace, the security manager had a great reinforcement technique to make sure people didn’t leave their computer screens unlocked. He would walk through work spaces, locking unattended screens, a polite note left behind reminding them to keep their data safe.
The security manager would do this even if the employee had just walked around the corner to get their files from the printer. You might be thinking, what’s the big deal with going to the printer and back? A trip to the printer is under 60 seconds. Well, most of the time. Sometimes the printer jams or a chatty co-worker with a cup of coffee in hand wants to share some news. It’s not easy to extract yourself, run back to your computer, and lock your screen, is it? Now that quick trip to the printer has turned into 15 minutes. And that’s 15 minutes of opportunity to have your computer accessed without permission. How many files could be corrupted in 15 minutes? How many e-mails sent on your behalf?
Reinforcement techniques, including correcting security violations, create a culture of security.
And although some might argue, annual security and awareness training isn’t mandated employee torture (we believe it should be engaging!); it serves an important purpose. That purpose is to raise the level of awareness within your organization that data compromise happens, and sometimes it’s because the opportunity has been created through disregarding the organization’s security policies.
Even if you’re not in IT or security, empower yourself to say “Security first” or “Sorry, that goes against our training” when you see others violating security policies.
Security awareness and training is mandated annually for a reason. Make an impact, reinforce learning, and hold others accountable.