By Jason Hoenich on Jan 15, 2019
If you’ve created a security awareness training program, it’s time to drive the message home by embracing the ambassador.
After all, you know that security awareness is about more than hiring the best IT professionals and installing the most highly rated security software. It’s about people—and making sure those people are equipped with the knowledge and tools to choose the best passwords, report phishing emails, and use public Wi-Fi sensibly.
The best way to guarantee lasting change and habit adoption is by launching a security awareness ambassador program.
What do ambassadors have to do with security awareness?
Security awareness is all about creating a workplace culture of security, educating employees on healthy habits and the right security behaviors, and giving employees the tools to strengthen the human element of security risk.
Shifting to a culture of security is no small task. It means changing people’s attitudes, values, and beliefs through habit change, which requires reinforcement, encouragement, and time.
What is a security awareness ambassador program?
But wait. You’re really busy, and time isn’t something you have to spare—and you’re not alone. According to SANS, just 7 percent of security professionals dedicate 100 percent of their work hours to security awareness. The truth is that the majority of security professionals are able to dedicate only 50 percent or less of their time to awareness.
So how do you reinforce and encourage your workforce? Ambassadors! While you’re busy managing your company’s security infrastructure, an ambassador program engages and empowers select employees to champion security culture by:
- Answering security-related questions
- Surveying employees about security awareness
- Organizing lunch-and-learns and gatherings
- Manning convos on Slack or intraoffice comms
- Distributing inspired training materials
- Delivering feedback to the security team
- Participating in ambassador training and forums
What are the benefits?
Ambassadors help you reach your goals faster and more efficiently, which can help you grow your program more easily. A program also lets you focus on mission-critical tasks without wasting the hard-earned time you spent on your security awareness training. Some other benefits include:
Low cost/no cost
If you think you need a big budget to run a successful ambassador program, think again. When ransomware attacks are predicted to cost $11.5 billion in 2019, the cost of a security awareness ambassador program is priceless, and the ROI is boundless. You can run your program for nothing—or very little if you intend to offer small incentives such as gift cards or swag.
Gain trust more easily
Ambassadors are embedded in the day-to-day, so employees are more likely to listen to their colleagues than the IT guy. This, in turn, means people will grow to trust IT and the security team and be more interested in adopting healthy security habits. The more people trust the security team, the more readily they’ll accept that security affects everyone and practice healthy security habits in the future.
How do I get started?
On top of needing to secure buy-in for your ambassador program, you’ve got to find the right employees to serve as ambassadors. The ideal ambassador should have most—if not all—of the following characteristics:
- An interest in cybersecurity
- The ability to devote 2-4 hours per month, plus extra time for training and special initiatives
- An eagerness, enthusiasm, and excitement about being an ambassador
- Strong communication skills
- The ability to commit to being actively engaged with the program
- An OK from their supervisor to participate
Ready to kick-start your ambassador program? Download our Security Awareness Ambassador Program Strategy Guide for an eight-step guide on how to set up your program, ways to recruit and retain ambassadors, and expert advice on naming your program, gamification, and more.