How to educate your staff about security
You can't solve every security problem at once with what amounts to a PR campaign. You can't even come close, so what you must do is avoid the sickness known as scope/feature creep. What you are trying to do is pick two or three top issues, and educate the user community about those two or three issues. In our case, we went with phishing, laptop/mobile security basics, and locking your screen when you leave your computer. That does not mean discussing PGP vs. NTFS native encryption, or who has the better passphrase generators. Those are interesting, but weren't germane to our main focus, and so they didn't make the list.
[ Read more ]