Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Another Information Security Awareness Method | Main | Avoid Some Common Email Pitfalls »

Could I Have a Side of Fries With That Security Please?

There's a pretty good McDonald's commercial that started running recently. It shows two guys looking down at the office area on the floor below saying something like, "Janet's so lame. She only buys McDonald's for everyone so they'll do her work for her." Then the other guy says something like, "Yeah, it's disgusting." Then they both take a bite of a McDonald's sausage McBiscuit, and then one says something like, "Well, we'd better get busy doing Janet's invoices."

Yes, they have got it right...food and trinkets are something that are great motivators for employees! Give people something they like, and they will often return the favor and do something for you.

Food, trinkets, and other semi-precious valuables can be used quite effectively in awareness activities.

Not everyone will like you doing something like this...you can't please all the people all of the time. But everyone WILL notice it and likely talk about it.

And that is the point of awareness. Making people think about an issue, and better yet, discuss it with their co-workers.

Now, I'm not saying you should go out and buy McDonald's biscuits and burgers, attach a security or privacy motto to them, and hand them out to everyone. Not only would the vegetarians likely be upset, but what company has an information security education budget to be able to afford that? Unless you could get the local McDonald's...or Culver's (my personal preference), or Dairy Queen, or Subway, or whatever...to donate enough of their tasty tidbits. Hmm...there's an idea...

Whenever I've organized awareness activities that included handing out some sort of take-away for the people involved, it was always successful in raising awareness.

One time I arranged to have an image of the company's information security mascot printed on the wrappers of chocolate mints, butter mints, and some sugar-free mints (with a different-colored wrapper). We bought a huge amount of these in bulk, thus getting them at a much discounted price, and were able to use them for multiple awareness activities throughout the year. Yes, they were yummy.

As I watch that McDonald's commercial now I imagine that instead of sausage biscuits someone is wandering through the office building telling people, "I'll give you some security candy if you don't post your password....if you encrypt the data on your laptop...if you shred confidential papers when you throw them away..."

Yes, in many ways that is the same as the McDonald's commercial; we are asking the other employees to, in effect, do our jobs...to protect the information assets of the company. After all, we CAN'T be successful in our information security and privacy initiatives if we DON'T ask personnel to also be data guardians in partnership with us.

Tags:              
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on June 7, 2007 1:00 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/432

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.