The lessons learned from cyber security incidents show that cyber secure behaviours by employees could have reduced the impact of many of these incidents, or even prevented them altogether. Effective “Cyber Secure Behaviours” programmes, therefore, not only ensure that employees are more aware of cyber security risks but also change the behaviour of employees.
Behavioural change can be used to mitigate the risks of social engineering by outsiders as well as minimise unintentional insider incidents. For many organisations there is an acute need to ensure employees practise and improve behaviours that reduce the overall cyber security risks their organisations are facing. The objectives of a programme for cyber secure behaviours should entail the following essential components:
- Create awareness of the risk landscape and an understanding of the required actions
- Facilitate the required changes in attitudes, intentions and behaviours, and the actual application of the actions
- Ensure that the behavioural changes become routine
- Periodically assess and evaluate the behaviour of employees in relation to cyber security risks of the organisation
The end result: cyber secure behaviours become a habit rather than a goal.
Signpost Six provides consultancy on cyber security awareness campaigns to specifically apply behavioural change theory and models for seamless security habits, practices and procedures.