If I were a Ceo of a business and I was trying to promote cybersecurity in the workspace I would have rewards set up to encourage the employees to follow the rules. A reward I would have is a small bonus for people that change their passwords monthly and have done so for the entire year.  Another reward would be a 3 day trip raffle for the employees that take online courses to better their understanding of cybersecurity. A third reward would be two days off of work with pay for someone who got any cybersecurity certification.

Some sanctions for people who didn’t follow the rules would also be in place. One sanction would be if an employee wasn’t changing his password regularly they would be put on a probation list and have to take a course on why it’s important to do so. Another sanction would be a required cybersecurity certification if an employee was failing simulations. Finally, a sanction would be taking a basic cybersecurity course at one of the local community colleges.

These rewards and sanctions are the best of both worlds. The rewards give the employees things to look forward to for staying extra safe and for paying more attention to the cybersecurity. As the rewards get better and better it makes employees want it more and makes them work smarter. While the sanctions punish the employees who aren’t being the safest and compromising the business. The sanction is punishment but they also help the employees understand why these rules are in place.