"Then you can let them know that they have fallen for a mock phishing attempt. It makes them think twice about opening those emails," says Eisenberg; "as much as we educate people, a lot of them don't know about phishing." The enterprise must include specialized education about phishing for executives and engage them as well. "It's easy to locate and target executives whose names are on public websites. LinkedIn has made it easy for hackers to perform reconnaissance of the enterprise," says Eisenberg.
Make It Personal
Select people from among employees to become security champions. Empower them to help their peers in the environment. Recognize employee success, both in roles as champions and as advocates of security. Use games and contests to reinforce methods for securing the environment. Enable employees to submit ideas and methods to improve processes and behaviors for good security practices.
"Help people with something they are concerned about in their personal lives. Share a one-pager with several methods to protect their credit card information at home and throughout their lives. The goal is to establish protection for their personal information, but it all applies to the organization as well. Build that win-win approach into the colleague community," says Eisenberg.
By learning to stimulate what drives people and to harness that drive, any enterprise can sharply curb bad security habits.