Scaring users into IT security

In order to get all employees to do their part in maintaining IT security, sometimes the best strategy is to simply tell them about the attacks and vulnerabilities that companies deal with.

In addition to sharing the gritty details of attempted cyber-espionage and malware attacks, the executive said it's also a key to align any threat reports with larger issues that are currently affecting the company, such as compliance mandates and data loss laws.

"Take advantage of moods; that's something that is very important to how people make choices about risk," Stewart said. "If you hit them with something after a real incident, they most often will respond before incident amnesia occurs. If you catch them at a time right after something real happens, more often than not [business leaders] will bite."

Among the other tips that the CSO offered about sharing stories from the dark side is to leave out the real names of those affected to prevent potential fallout for those involved and for the designated storytellers to play up the juiciest elements of any incidents they detail.

"Scare them with real objective data, and they will start listening, but also feel free to sexy-up the stories," he said. "If you make it interesting, people always want to know the next story, so you should also have other examples at the ready."

Another useful method for making security threats more relevant to employees at all levels is to use peers to inform them how easy it is to get victimized, according to the Cisco security chief.

For instance, a worker who was victimized in a recent attack has become a regional spokesman for talking about security threats with other Cisco employees in the EU.

"If you have someone who does something wrong by mistake, to fire them for it is ignorant, you have to consider all the details because a lot of these things can happen to anyone, and its much smarter to allow them to help you educate," said Stewart. "Make the victim your spokesperson to tell other users their story; peer pressure is a very effective teaching tool."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about Cisco

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Matt Hines

Latest Videos

More videos

Blog Posts