How security aware is your business?
Creating a workforce that is security aware is the first step to managing your risks and improving your business’s protection. G4S Academy experts Yannick De Smet and Steen Sørensen have published their latest guide on assessing your organisation’s security awareness.
07 Jul 2021
Being security aware means that your people understand the threats facing your organisation and its assets, as well as the vulnerabilities within your business that these threats may target. Put simply, it’s both the knowledge they have of the important security measures in place to protect themselves and the organisation, and the attitude they have towards implementing and adhering to these processes.
By raising awareness and influencing attitudes towards security processes, you will increase vigilance, reduce security risk and improve your overall protection. But this also reinforces security processes by reducing the risk of human error.
Security as a protection measure is a process, and processes often fail because of human error. In fact, studies show that human error is a major contributing factor to security breaches, and it has been determined that in information security, human error accounts for up to 53.5% of cyber breaches, caused by preventable employee error or sometimes sabotage from within a company.
Assessing security awareness
To assess your security awareness, you must first rate your stakeholders’ knowledge of the existing threats facing your organisation and of the various measures in place to counter them, as well as their overall attitude towards both.
Security awareness can be categorised into four types:
Cognitive threat awareness - how knowledgeable are they about the threats facing your organisation?
Attitudinal threat awareness - what is their attitude towards these threats?
Cognitive mitigation awareness - how knowledgeable are they about the various measures in place within the organisation to counter these threats?
Attitudinal mitigation awareness - what is their attitude towards these important measures?
For example, if you consider the risk of theft in an organisation, you could assess your business’s security awareness by rating your internal stakeholders on how well they understand the value of the organisation’s assets and their awareness of the methods thieves may use to steal these. You would also have to rate their attitude towards the importance of this risk and whether they see it as not only critical to the organisation, but also to themselves.
You should then rate their awareness of the measures in place to mitigate this risk of theft, as well as their attitudes towards adhering to these important protocols at work.
You can read more about this method from G4S experts by downloading their latest guide here.
Optimising security awareness
By gathering as much information and data as possible about the threats that face your organisation, and the success of the mitigation measures you already have in place, you will be able to clearly identify your organisation’s security awareness needs.
With these needs in mind, as you rate your cognitive and attitudinal awareness of threats and mitigation as explained above, you will not only be able to clearly assess your current awareness levels, but also identify some of the gaps you’ll need to fill to increase your protection.
A thorough assessment will help you to address your awareness gaps by setting up a security awareness programme that aligns your actual awareness with your expected awareness. As a start, setting up training or issuing further employee communications can go a long way in terms of increasing awareness, keeping people engaged with your security programmes, and reducing risk.
In their latest guide on security awareness, G4S experts provide further instructions on optimising your organisation’s security awareness.