I am not sure if this has been said before, but frequent reminders with rewards ( maybe corporate recognition for the group that scores highest on the computer safety exam) or a ice social, or other little small treats that reward those do embrace what you are trying to get across. Also followed the motto praise in public, punish in private... Also a nice friendly remind is putting the IS policy on the web page that is returned when your users go to disallowed content, and then have them justify why they need that content which goes to there manager. That will stop alot of the here click on this. ( That and reading your email in rich text or text only format, not HTML) Also training your users on how to spot and report phishing attacks, etc etc. Should all base it on what threats you have experienced ( phishing, pharming, spyware/malware etc etc) and what measures you have put in place to limit that risky behaviour. Rinse wash, repeat. Z
Edward E. Ziots Senior Informational Security Engineer CISSP,Security +,Network+ From: pmaglin...@scvl.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Computer safety and security best practices... Date: Tue, 14 Feb 2012 13:33:02 +0000 We have an annual company policy meeting which covers ethics, sexual harassment, computer safety and best practices, etc. -Paul From: ntsysadmin [mailto:ntsysad...@rccs.org] Sent: Monday, February 13, 2012 7:16 PM To: NT System Admin Issues Subject: Computer safety and security best practices... I feel like many of the malware infections I come across could have been easily avoided if the end user was just a little better informed. I’ve wanted to put together some tutorials for staff here at the school and also for my clients, that would help them to be more security conscious while browsing the web, etc. I already have a quite a few ideas for topics to cover and some online resources that I’m looking at too, but would like to make sure I don’t leave anything out. I’d like to make this training mandatory for school staff but of course clients would have to be made to see the value of it. Do you guys already do training like this for end users or do you point them to any online materials? Thanks, Mike ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin