Improving user security behaviour

Many organisations suspect that their internal security threat is more pressing than their external security threat. The internal threat is predominantly the result of poor user security behaviour. Yet, despite that, security awareness programmes often seem more likely to put users to sleep than to improve their behaviour. This article discusses the influences that affect a user's security behaviour and outlines how a well structured approach focused on improving behaviour could be an excellent way to take security slack out of an organisation and to achieve a high return for a modest, low-risk investment.