Staff who have the knowledge, skills and capability to practice good security are fundamental to developing and maintaining a positive security culture.
The mindset, knowledge and behaviour of your staff can have a real impact on the risks and vulnerabilities of your organisation. This is driven by a strong, well-developed security education and training programme which needs to be a continuous process. Training should be present and prioritised at every stage of the employee lifecycle. Regular security training helps to ensure that strong security practices are part of the fabric of your organisation.
Effective induction training
Applying a strong security culture begins on day one. A new employee’s induction is the perfect opportunity to introduce the desired security mindset of your organisation and embed strong security culture. Staff who join an organisation that highlights the importance of positive security behaviour are more likely to reinforce these behaviours as part of their ongoing routine. As new staff become more experienced, these behaviours will be passed down to subsequent new starters, where the cycle continues, enhancing the wider organisational security outcomes.
- Equip new staff with the knowledge, skills and abilities to practice good security from the beginning. Security education should be iterative, so staff are not overwhelmed; focus initially on security practices that new starters need to know immediately and grow their understanding over time.
- Give new employees the ‘why’. New staff may have a limited understanding of why aviation security matters. A meaningful induction programme that defines why security is important to your organisation and to the aviation sector can help new staff to understand why they need to develop a security conscious mindset. This sets the foundation for more advanced lessons as your staff develop their security knowledge and understand the organisation’s security goals. This buy-in requires the organisation to provide the solutions for new employees to embrace.
- Consider how to best communicate security messages to new staff. Set a journey of education over the lifecycle of staff and customise messages to the needs of different positions. Keep training materials engaging and interesting and encourage questions.
Regular refresher training
Regular refresher training provides an opportunity for staff to review and renew their knowledge of security matters, update their awareness of new policies and procedures, and to understand new and emerging threats and risks. Reinforcing key security messages and providing updates on best practice ensures staff remain regularly engaged with security matters. Refresher training means moving beyond basic compliance-orientated training; the objective is to motivate staff to proactively reach security objectives, rather than simply following the rules.
As part of your refresher training:
- Review what has changed recently in your organisational security policies, check if any new guidance applies, and make sure staff are updated in the latest developments.
- Provide briefings and training on evolving threats and risks to keep knowledge current across your organisation. having current knowledge on global aviation security threats reinforces the importance of a strong security culture.
- Tailor refresher briefings to the role. General briefings on security procedures, aviation security threats, insider threats and suspicious behaviours that need to be reported are relevant to all your staff, so ensure this information is made widely available. Middle and senior managers may require more in-depth and detailed briefings to influence their decision-making.
- Keep refresher training new and interesting. Reference recent events domestically or overseas to highlight the importance of positive security behaviours. This can be even more effective if training draws from events within your own organisation.
Continuous learning
Complacency can creep in when security is not talked about, or when it seems far removed from employees who feel they may not have a role or responsibilities related to security. This can undermine the security culture of your organisation. Promoting security messages continuously throughout the year with awareness-raising activities that target all staff is an important means to reaching everyone and reinforcing key security messaging. This is especially important in New Zealand, where staff can feel far removed from security issues observed overseas.
Ways to support continuous learning:
- Designate a ‘security week’ once per year or a ‘security day’ once per month to encourage engagement with current security messages. This might include daily outreach, education sessions and guest speakers, and information campaigns.
- Encourage and support staff to attend external courses and training opportunities on security, even when this may not be their core function. Bring in guest speakers or specialist security staff to draw attention to a topic of interest. These steps can help to get staff talking about security and establish security training as a regular fixture on the calendar.
- Keep learning methods creative and interesting. Novel ways to understand security can be more effective at making the messages stick, especially when staff are engaged or involved in the learning process. For example, undertake ‘red team’ exercises whereby staff are invited to think like someone who would target the aviation sector through your organisation. This is an interesting and engaging way to identify vulnerabilities in your organisation that can be strengthened. You might also ask staff to think through how they might deal with the consequences of such an attack.
Targeted education plan
It is important that all security education is tailored to the audience that you are trying to reach. Targeting education demonstrates that you know the audience you are pursuing with your security training campaign, and ensures these messages are conveyed in the most relevant, efficient, and effective way for that audience. Communications should have clear and concise messages that can be easily understood by staff who may not encounter security issues on a day-to-day basis. Likewise, specialist staff, or those with primary security responsibilities, should be provided additional information and guidance to enhance their ability to perform their security-related roles.
Target the right audience by:
- Considering the range of channels through which security communications can be delivered. Posters, flyers or leaflets can be left in break rooms, or emails or social media posts can be used to quickly share important messages to the right people.
- Communications plans should motivate staff to become engaged in security, not scare them into complying. Pitching information effectively and most importantly including the ‘why’ for all staff ensures understanding of why security is needed and encourage positive behaviours.
- Consider inviting experts or sector figures to endorse important security practices. External speakers can bring credibility and authority to education and communications strategies and can often draw greater interest from the whole team.
Assess your security training [PDF 85 KB]
