September 27, 2021

Building a successful security awareness program Part 2

Written By Robert D. Sollars

Want to unsubscribe? Sorry to see you go but…Send a blank e-mail with unsubscribe in the subject line to [email protected]

This is the second post, and last, in this series and hopefully it’ll assist you in getting the best out of your employees and/or security officers to protect the facility, employees, and assets.

Training process:
One way to increase security awareness with the employees is with Safety/security posters. They have been around for decades and used a number of cartoon characters to get their point across in a humorous way. They have a tendency to lose their luster after a few weeks and their effectiveness evaporates soon after.
The overall problem with posters is that they aren’t rotated. They stay up for months on end without rotation. Therefore, the only ones who are affected by these are new hires or those who transfer into the facility.
Another way to train employees is through the monthly or quarterly meetings that you, the security professional and management, should be conducting. A short 5-minute presentation from someone outside the organization can be very effective.
Having a police officer, domestic violence counselor, or someone with a similar background will be listened to, probably better than members of the dreaded ‘Gestapo’ staff. Usually, these kinds of people can be had for next to nothing for a few hours, and you don’t need them that long.
In the past training was conducted in longer full-length training in which employees quickly lost interest. But in 5-minute bursts…No matter the mission of the organization, keep these training sessions short. If they run longer for questions & answers that is a good thing and should never be discouraged no matter the time limit.
One of the last things you can do to increase interest in security awareness training and have your employees is to show them how it actually affects them when security isn’t “tight as a drum”, as it is in the normal perception. If it’s in the IT department, then show them the information that can be stolen from your computers and how it could affect their jobs…bankruptcy, ransoms, and etc.
Likewise, with all other people, no matter the facility or organization, show them what theft and possibly workplace violence can cost them. Crying children, grieving spouses, & distraught elderly parents can be a huge factor in their acceptance of your program. With theft from the organization…loss revenue and fewer resources for other things such as pay raises, improvements, and etc.
One item to consider is using actual incidents or events from your city or region of the state. If you live on the border of 2 states then it is perfectly acceptable to utilize an incident from Wathena Kansas in St. Joseph Missouri or Pittsburg Kansas to Joplin/Springfield Missouri.
Another of these is demonstrations and role-playing during the sessions. Most WPV incidents are over within 3-4 minutes of their start. Basically, this means in the time it takes to conduct the security meeting everyone in the room could be dead or dying, which could be very sobering to anyone.
Use written tests with a reward for filling them out and submitting them. It won’t cost the company that much to offer sandwiches at a local burger joint or a free lunch. You don’t have to grade the test, just see if they get what’s being taught.
Lastly, a simple suggestion box may be helpful. Yes, an old-fashioned suggestion box or a digital equivalent. This can be for questions they may be afraid, or embarrassed, to ask in front of their peers. Or to turn in someone for some wrongdoing, or suspected, or potential security issue. It just has to be taken with a grain of salt for obvious reasons, especially if there is still a trust issue.

In the first part of this series, I gave you the 2 most pressing needs of an awareness program, the presenter, and if you have trust within your organization. This final part is important because if your supervisory people don’t buy into it then you are lost…
Supervisory & management role:
This means anyone within the organization that has or does exert control over one person or group of them. It doesn’t matter if it is only 2 or 1,000 people that are controlled. This also goes for their title…from lead to the director. They have just as much responsibility for ensuring the success of your awareness program as your people do.
It is their responsibility to follow up and follow the rules with no exceptions for anything. If these people view security as a necessary evil, then that’s what they will convey to their subordinates, even if it is subtle body language. Whether this is done overtly or covertly doesn’t really matter.
They need to buy into the program as they would any other initiative of the organization. And they need to do it completely. They may need a bit more training as to why it’s so important…such as opening and leaving open a door that’s supposed to be locked at all times. Because just this once leads to other times and can eventually leaving it consistently open as policy.
In my career, I have seen this innumerable times where the managerial people didn’t think they had to follow the rules. Sometimes it was their “I’m a supervisor and I can do this” or wanting to get in good with their subordinates by attempting something they knew they weren’t supposed to do & letting security be evil.
If they let security slide or are lax to enforce rules or follow them, then their subordinates will also not follow them and the entire program goes down the tubes. And this could potentially be catastrophic for the organization & unfortunately, in my experience, it won’t be noticed until an incident has occurred.
Hazards in today’s world range from:
• workplace/school violence, which of course a perpetrator would absolutely love an unlocked & open door to sneak through.
• Theft of property, both real and intellectual, which can be hazardous to the organizations’ bottom line.
• Visitors, and criminals, wandering in and getting hurt which is another area of immense liability.
And this list could go on ad nauseum.
The key in all of this is not necessarily the training or being overly dramatic in presenting it, but in the buy-in by management. If they don’t buy into the program by scoffing at it as so much hoopla to clog their day or decide that they don’t have to follow the rules and can do what they want, then your hard work is nothing more than cow patties on the floor. “Do as I say, not as I do” can be devastating including security.
I have seen this at more than a few organizations where supervisory personnel felt this way. They broke security policies/procedures at practically every chance they got because “they were a supervisor.” Then when contract time came around…they wondered why they weren’t trusted.
The absolute point to these two posts is simple; All people within the organization, need to buy into it. While not overstating it, the world is a dangerous place and it is everyone’s responsibility to keep everyone safe, if possible, even if it is disliked for any number of reasons. In order to do that, despite arrogant boasts, we need help from the people we are tasked to safeguard to help keep them safe. As I said in the very beginning, sometimes it’s not easy to do, especially if there are trust issues between different levels of the organization. As security & management professionals, it is dependent on us, to ensure that it works for the benefit of everyone.
It happens to Anyone…Any Time…Anywhere… For any Reason
I May Be Blind, but My Vision Is Crystal Clear
Permission to share? Of course, with full attribution.
Copyright 2021 Robert D. Sollars

Uncategorized
About svpAdmin

Leave a Reply

Your email address will not be published. Required fields are marked *

Call Now ButtonCall Now!