Any business over 500 employees generally has an induction day. Which, let’s face it are usually pretty dull and jam packed full of do’s and don’ts of what you should and shouldn’t do. What’s worse, they tend to happen months after your employee’s first day.
So three key issues with induction days:
- They are dull
- They have way too much information; half of which is forgotten almost immediately
- Employees have already established their bad habits way before they take place, making it almost impossible to get them ‘straight’ again
These three points alone are disastrous to the security team, mainly because security is a small segment of a day long induction. It’s passive learning; some people might spot it but most wont, and a lot who do spot it will believe it’s not relevant to them.
The only foolproof solution to driving security policy into your employees from day one is to put security right at the heart of everyday routine, much like wearing your car seat belt.
Sounds simple but how? By simply ensuring your employees apply your data classification policy at the point of saving a document or sending an email using data classification software. Doing this forces them to make a decision on how relevant that information is to the security of the business.
So, on that Monday, when your new starters arrive they will start to learn about your organisations security policy right from the very first email they send, creating the catalyst for a strong security culture in the future; not 6 months later when they are finally forced to go and sit in a meeting room and take the mind numbingly boring 3 hour induction course. By that time it might be too late to have prevented and inadvertent data breach, and potentially saved organisations a significant sum of money in penalties and remediation costs.
You can see the positive effect Boldon James Classifier has had on security culture at Allianz here in our case study.