In the past two weeks I've done three different security seminars with three different organizations and their security staff. The one trend that continues to surprise me, and was confirmed at all three events, is that most employees still do not realize they are a target. I continue to be surprised as this, as I thought with all the media attention, both in peoples' lives and at work, they would realize they have value, bad guys are after them. Based on what I'm seeing that is not the case.
That does not bode well when securing the human element. To change peoples' behaviors we need to engage them, and we will never achieve that first step until they realize they are a target. If you are looking to secure your employees, contractors and staff, the first question you have to answer is do they even realize they are a target? If not, then do not even bother trying to teach them how to secure themselves. Instead explain to them who is targeting them, how and why. Once you have their attention, then you can begin changing behaviors.
Lance Spitzner is the training director for SANS Securing The Human. To learn more about human security, visit http://www.securingthehuman.org/resources.
That does not bode well when securing the human element. To change peoples' behaviors we need to engage them, and we will never achieve that first step until they realize they are a target. If you are looking to secure your employees, contractors and staff, the first question you have to answer is do they even realize they are a target? If not, then do not even bother trying to teach them how to secure themselves. Instead explain to them who is targeting them, how and why. Once you have their attention, then you can begin changing behaviors.
Lance Spitzner is the training director for SANS Securing The Human. To learn more about human security, visit http://www.securingthehuman.org/resources.
No comments:
Post a Comment