MARINA DEL REY, Calif. — Winn Schwartau, founder of security awareness training firm The Security Awareness Company and information warfare conference series InforwarCon, had a message for attendees of the annual Content Protection Summit Dec. 5.
“One hundred percent of security breaches, security problems, is a people problem,” he said during his keynote address “How to Make Your Security Awareness Program FAIL (and then SUCCEED!).” “It’s not technology.”
Schwartau has made a science out of security awareness programs, and said he believes too many organizations make too many of the same mistakes when preparing those programs for a modern workforce.
“Today we don’t have people tied to their desktop like we used to,” he said. “If you want to reach those new audiences … you have to do it with a mobile focus.”
Don’t shy away from casual language in security awareness program materials, he added. Relay your messaging the way people speak. “You have to speak in their language,” Schwartau said. “You have to relate to your audience.”
Be receptive to feedback around the security awareness programs, and ask them what resonates. Ignoring your employees’ input is a great way to have them ignore the materials, he said.
Give out freebies around the program. Make the materials easy to get. Use games to get people involved. And don’t be afraid to use humor (think “security cats”) to get people involved in the security programs.
“Put cheat sheets in the bathroom,” Schwartau said, laughing.
Too often, security awareness programs fail because the language and methods used ignore the science of human behavior, and what sticks with us, he said. Making the materials dull, boring, about nothing other than policy and compliance, and failing to test behavioral reactions are all great ways to make sure your security awareness program falls flat, he said.
The 2018 CDSA Content Protection Summit was presented by SafeStream, and sponsored by EdgeScan, Microsoft Azure, LiveTiles, Aspera, Amazon Web Services, Convergent Risks, Dolby, Illumio, NAGRA, EIDR, the Trusted Partner Network (TPN), Videocites, Human-i-t, Telesoft and Bob Gold and Associates and is produced by the Media & Entertainment Services Alliance (MESA) in association with CDSA, the Hollywood IT Society (HITS), Smart Content Council and Women in Technology Hollywood (WiTH).