Going from security awareness to security readiness starts with measurable behavior change. At Elevate Security, we believe there are fundamental behaviors. With a metrics-first approach, your team can start with a baseline to benchmark current gaps in your security culture, and how, when or if those gaps close as your security awareness program goes on.
Elevate Security's recommends that you start out with the initial building blocks. These first three behaviors are across three different security behavior change goals:
Phishing Detection | Phishing Reporting
One of the key goals in a phishing program is to increase your reporting rate. This behavior will help employees build the habit of reporting phishy communications to your security team to ensure they are catching what may slip through your detection systems.
Using the Internet Safely | Malware Detection
One of the key goals in a safe internet usage program is to reduce the number of dangerous downloads per week. This behavior will help employees learn about what browsing patterns they have that might be dangerous and how to recognize a malicious download.
Password Hygiene | Password Manager Usage
Use of a password manager is a best practice to ensure that employees are not using simple or repeat passwords. Communicating the value of a password manager will increase usage and protect your employees at work and home.
Each of these behaviors has a clear call to action for your employees to empower them to be security superhumans, a front-line of defense against the 90% of incidents and losses that try to exploit human behaviors.
As you evolve your program, you will want to add more behaviors based on the priorities of your organization.
More information about how to evolve what you measure can be found in the Best Practice Guide: How to Evolve What You Measure.