Intelligent CIO LATAM Issue 35 | Page 72

FINAL WORD
how much training they’ve had, if they are rushing to meet a deadline, it’s easy to cut corners or not be fully focused on security. So, encourage people to slow down and double-check, even if that delays things a little. It’s better in most cases to do something safely, rather than swiftly.
2. Prompt rather than train
Most people must take mandatory security training each year, but there’s very little evidence that this has any impact on their behaviour. Instead, why not prompt people when they’re doing something particularly risky, using nudges or other interventions to get them to think about what they’re doing?
3. Raise awareness – but don’t scare people
When informing colleagues about a new risk or threat, ensure they are very clear on how they can effectively manage that threat. There’s no point in telling people to avoid a no-click zero-day text message – they might not even know what that is, and even if they do, they can’t avoid having messages sent to them. The important thing is that they know what to do if they see something suspicious.
4. Watch for mistakes – and help colleagues fix them
Tired and stressed people make mistakes – and just telling them not to or shouting at them if they do doesn’t fix anything. An effective human risk management platform will integrate with the current technology stacks and flag any mistakes, such as sharing personal information in public chat channels or reusing passwords across SaaS applications – and automatically nudge the person carrying out that risky behaviour to help them fix it.
5. Reward the positive
Monitor for good behaviours and use recognition and reward to call them out to others. Your company might have an internal reward platform to use or it might be possible to get the CISO to send a thank you email (copying in the colleague’s manager, of course).
People gossip and tell stories – wouldn’t it be great if one of those stories was how nice the security team was?
To ensure robust data protection, a comprehensive, multi-layered approach to security should be adopted.
Proactively managing human risk in real time promotes secure behaviours, minimising the impact of human errors.
This is best achieved by working with human risk management providers, who understand human behaviour and have developed solutions to coach employees in the moment and automatically fix risks before they escalate into issues.
Through this process, employees gain insights into the evolving threat landscape and gain the necessary tools to respond adeptly when needed.