1. Unambiguous Rules – Put the policy in writing. Send out reminders. Make compliance easy.
Examples:
• Block off-limit web sites.
• Place shredders where they are needed.
• Configure Wi-Fi systems automatically force compliance.
2. Consequences – Educate employees about the consequences of poor security practice. Explain how it affects the company's stability, and consequently, their jobs. Establish consequences for not following the policy.
3. Unobtrusiveness – Do not establish a security policy which either hinders productivity, or is ultimately unenforceable. Find a better way to achieve the security goal. Work with employees and they will work with you. ~Kevin
