These programs provide better protection of organisational assets by:
- Helping employees recognize and respond appropriately to real and potential security concerns.
- Providing fresh, updated information to keep your staff current on new risks and what to do about them.
- Making employees, contractors, and business partners aware that the data on their computers, mobile devices, USB drives, smartphones, etc. is valuable and vulnerable.
It also improves staff morale by:
- Providing information that is personally useful to your staff, such as how to avoid scams, fraud, phishing, and ID theft. Information on how to protect home PCs and how to use e-mail and the Internet safely lets employees know that your organization cares about them. Building good computing habits at home is as important as building those behaviours at work. Secure computing habits will transfer across environments.
- Rewarding good security behaviours and those who stand up for security. Recognition for doing something well boosts morale.
It saves money by:
- Reducing the number and extent of information security breaches. The sooner a breach is identified, the lower the cost of addressing it will be. Direct costs (e.g., cost to recover data lost or altered during an incident, cost to notify customers of breaches, fines for non-compliance) and indirect costs (e.g., lost customers, lost productivity, time spent investigating/resolving breaches and hoaxes) will decrease.
- Providing savings through coordination and measurement of all security awareness, training, and educational activities while reducing duplication of efforts.
It provides the organization with a competitive advantage and protects reputation and brand by:
- Showing customers that the organization cares about protecting its information. Johnson & Johnson received enormous goodwill when management decided to protect customers by pulling Tylenol off the shelves after some packages were found to contain poison.
- Preventing the negative press that can result from security breaches, especially in light of the upcoming mandatory breach legislation.
It protects customer and corporate information by:
- Building a culture of security competence. Motivated employees, contractors, and consultants improve their behaviour and incorporate security concerns into their decision making.
It reduces the potential for fines by:
- Improving overall compliance with your organization’s information security policies, procedures, standards, and checklists.
It reduces the potential for lawsuits by:
- Demonstrating a corporate concern for security and a process for ensuring that the workforce will provide adequate protection for information assets entrusted to its care.
It reduces executives’ exposure to prosecution by:
- Ensuring that they understand that they are legally responsible for the integrity of the organization’s information assets.
- Demonstrating management’s commitment to secure information resources.
- Allowing the organization to comply with regulations that require information security awareness and privacy training.
It facilitates legal action against noncompliant staff by:
- Documenting the requirements and each individual’s acknowledgment of the organization’s security policies.