10 Tips to Embed Positive Information Security Behaviors in Employees

For decades, companies have attempted to educate employees on security awareness. However, these efforts have largely failed. Instead of merely seeking to give workers knowledge, you need to embed behaviors that reduce information security risk.
  • 1 of 11

Image courtesy Thinkstock

For decades, organizations have spent millions attempting to educate employees on security awareness. The results have been marginal, at best, according to the Information Security Forum (ISF) a nonprofit association that researches and analyzes security and risk management issues.

"A really small percentage of organizations are able to say they've reached a heightened level of security awareness or positive behaviors that they're really striving for," says Steve Durbin, global vice president of ISF. "If what we're currently doing from an awareness standpoint isn't working, what do we need to do to be more effective in this space?"

The answer, he says, is to embed positive security behaviors into your business processes. Here are 10 principles that can help.

Return to slideshow
Join the discussion
Be the first to comment on this article. Our Commenting Policies