A constant barrage of data breach stories, including some about the U.S. Government, is a reminder high-cost, high-tech solutions do not necessary create a culture of security. Changing the attitudes and awareness of all employees and making small improvements over time are the keys to a strong culture of workplace security.

To continuously improve workforce security interactions, enforce policies and immediately call out and correct violations.

Here are some examples.

Screen Locking

Policy: When an employee steps away from a computer, he/she should employ the screen lock.

Reinforcement: Unannounced walk through inspections. Lock screens and leave notes next to those workstations that were found unlocked.

Divulging Passwords

Policy: Employees should never share account passwords with anyone.

Reinforcement: Walk through areas and look for written passwords under keyboards, on monitors, or written on whiteboards. Lock the violating user’s account, tell them why, and ask that they reset their password.

(Also offer methods for storing password securely, memorizing them, and/or using a password manager.)

Tailgating

Policy: All employees must swipe in with their own badge when entering the secure spaces.

Reinforcement: Tell an employee who is poised to “tailgate” to use their badge.

Sensitive Discussions in Non-Secure Spaces

Policy: No discussions of sensitive projects or information in non-secure spaces.

Reinforcement: Immediately stop the conversation. “We shouldn’t talk about this here; let’s move this discussion to the conference room.”

To improve security awareness, include tips alongside other announcements or events.

Does your organization have a monthly employee newsletter? Include a security awareness section and some practical how-to tips. Sign up for our free monthly cyber tip to help you develop a cyber awareness section to add to your employee newsletter.

Employee all-hands meeting? Take a few minutes to talk about cyber theft and fraud affecting similar organizations. If you need ideas for stories to share, check out our Cyber Roundups.

Company luncheon? Do a team building exercise where employees attempt to thwart social engineering attempts for their password or access to a computer.

We hope you will make use of these low-tech security awareness tactics to continue to improve the culture of workplace security. After all, a security-minded workforce equates to both a strong first-line defense against cyber attacks and protection of your resources and information.