Punishment is evident in all aspects of our life to everything from getting drivers to stop speeding, to getting the dog to not bark at the mailman. Because of this, it is no wonder that several go to punishment when wanting to change user behavior. While punishment is a very powerful tool- that can produce almost immediate change in behavior- it is very hard to control and very hard to maintain. For these reasons, I rarely recommend using punishment when …
Read more »
Imagine that you are the head of security awareness at an organization (not a stretch for some) and have been charged with getting people to report issues to the help desk. You decide, in your infinite wisdom, to encourage them to report issues to the help desk by giving them $1 each time they report a valid problem. The week after implementing the new reward program the number of issues reported to the help desk has increased 100 fold. You …
Read more »
Last month we talked about how to create a successful security awareness organization architecture by first assessing the culture. More specifically, in order to change behaviors you first need to (a) identify the key problem behaviors, (b) find out why they are occurring, and (c) identify the holes in the current training. Simply put, you need to know your organizations culture specific problem before you can do anything about them. So what’s next? Well now that you know the what, …
Read more »