Cyber security and compliance are two subjects that have only become part of an organisation’s “business as usual” activity in the last ten years. However, the dissemination of this knowledge amongst the staff and contractor population within the organisation has proven to be a big problem. This is due to a multitude of reasons, but the biggest obstacle in increasing user awareness of cyber security and compliance is the fact that the subject matter is dull and boring. This means that there is a natural aversion to this subject matter among users and management. The organisation does not help with an inconsistent approach to communication, be it via email or Intranet as well as the low quality of eLearning courses.
At MetaCompliance it is our belief that the organisation should recognise these natural barriers to changing behaviour and meet the user population half way by having recognisable, repeatable and high quality communications on cyber security and compliance.
It is also important to take a risk based approach to user awareness as opposed to a blanket approach. The correct amount of effort needs to be expanded in order to target high risk user groups with relevant and high quality knowledge transfer mechanisms which can be in the form of policies, prompts and eLearning. By making it easier for the user to engage in information security, compliance policy and learning activities, the organisation are ensuring that best practices are followed and that problem users are given the necessary attention for non-participation.
A blended approach to staff awareness is required which brings together high quality eLearning, best in class automation and support from experience awareness professionals. We have combined our solution into an Integrated User Awareness Management solution. For example, clients will have the option to take up a module such as phishing which helps promote how to avoid human error or even learn how to adopt a more comprehensive approach to changing their internal culture of cyber security and compliance.