Building a Culture of Security
Establish a Training Plan
Once you have developed and committed to a plan, think about how you will train all staff (and volunteers) on these new best practices. Requiring regular training - and making attendance of training mandatory and an evaluation point for staff performance reviews - can be a helpful tactic. Avoid creating harsh, negative consequences for staff who struggle with security concepts. Keep in mind that certain staff may adapt to and learn about technology differently than others based upon varying levels of familiarity with digital tools and the internet. A fear of failure only further disincentivizes staff from reporting problems or seeking help. However, creating positive accountability and rewards for successful training and adoption of policies can help incentivize improvement across the organization. You may find additional valuable support through local or international digital security training networks and free training resources such as the Umbrella app from Security First, the Totem Project from Free Press Unlimited and Greenhost, and the Global Cyber Alliance Learning Portal.
Consider how your training plan can reach party-affiliated MPs, local politicians, and notable members as well. Politicians and prominent members often require even more training and attention when it comes to security! For example, they may introduce additional assets (that introduce their own vulnerabilities) like personal campaign social media accounts, or government-issued devices. Ensure that your training plan and security plan apply to these individuals and any assets they may have both inside and outside of the party.
- Schedule regular conversations and trainings about security and your security plan`
- Get everyone involved - distribute responsibility for implementing your security plan across the entire organization.
- Ensure leadership models good security behavior and a commitment to your plan.
- Avoid fear tactics or punishment - reward improvement and create a comfortable space for staff to report problems and seek help
- Update your security plan annually or after major changes in the organization