Three Ideas to Encourage Employee Net-Cops

Here are three quick ideas about how to encourage your employees to be better “net cops”:

1. Make sure they know who to report suspicious behaviors to and never, ever punish anyone for doing so. Make sure you give them a place to drop anonymous notes too, if that is appropriate for your program. Teach them how to report suspicious emails, calls and information requests. Create an ongoing program reminding them about how to do so.

2. Incent them to report suspicious behaviors. Create an email forward box for spam, phishing and other types of suspicious email. Enter the first people to report each sample into a monthly or quarterly drawing for movie tickets or some small prize. Not only will you get people interested and get more insight into your security posture, you just might learn more quickly when a spam or trojan attack is under way.

3. Hold a security day where you have games and such that back up these ideas. Focus on teaching your people how to recognize social engineering and such and how to report it. Use the opportunity to remind them about the other ideas above. Have some swag made for them that talks about how each of them is a “security agent” or “on the front lines” “investigating threats against your customer’s data” or the like. Get marketing and HR involved to create something memorable.

What ideas do you think might get people focused on noticing when bad things are happening? How does your organization encourage your staff to be better detectives?

This entry was posted in End-user Focused, General InfoSec by Brent Huston. Bookmark the permalink.

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

Leave a Reply