Dr Peter Chadha is quoted in Management Today:
All the technology in the world is useless if your staff don’t know how to use it, or don’t feel like they need to. ‘Every company should have an acceptable use and password policy, because sometimes it will be employees who make the situation vulnerable,’ says Dr Peter Chadha, CEO and founder of the IT consultancy DrPete Technology Experts.
Ensuring policies translate into practice isn't always straightforward. Handing staff a long-winded document to read alongside reams and reams of HR policies, expenses policies, travel policies and branding policies on their first day is a surefire way to make sure it will be ignored. You have to communicate the importance of being security conscious in a clear and concise way.
A strong relationship between your tech guys and the rest of the workforce is also important. ‘You need to try and build a culture where it’s ok for people to ask for help or for a second opinion if they are suspicious about anything,’ says Ducklin. If people do give out their password to a cold caller claiming to be from Microsoft or click on a dodgy email link, it’s best that you know about it as soon as possible.