5. Repeat, repeat, repeat

Humans do not have unlimited memory space, and when there is no active attempt to retain information, it is lost over time. In addition, people forget at different rates, so it’s important to reinforce key messages frequently.

Giving employees the opportunity to repeat courses or training, especially given the ever-changing nature of technology and threats from attackers, helps them build solid skills and keep those skills strong.

6. Education vs. Punishment

IT security teams must be on the front lines, helping the rest of the organisation understand their part in changing the security culture. However, if other business units are nervous about approaching the security team, it may pose a challenge to security assurance.

Make sure your security team is comfortable with being an enabler, leads with empathy, and reflects well on your entire security program. If your team lacks these human-centric skills, you might want to provide coaching to help them learn.

By Kath Greenhough