Security and Compliance is an ongoing process. Both in personal and corporate activities, it is worthwhile stepping through the simple four-step process to reduce the risk of compromise.
In the same way as when you buy a new house, you plan (at least in your head) to change the locks and possibly add locks to the windows, extend insurance to cover loss, and repair things that may fall down and hurt people, when starting a new year, examine
the risks your company is exposed to, particularly new ones such as mobile security.
Plans are just that. Without actually changing your locks, you are still vulnerable to the set of keys lost by the previous owner. Without your employees changing their password on a monthly basis, hacked passwords still grant access to your systems.
It is all very well telling people to do something, but the manager's responsibility is to check it has been done, or the progress, manage the risks and issues and smooth out authorisations.
Crime is not static, nor is the law. Annual, monthly and even daily reviews of new threats or changes is a must.
Cuthbert, Dibble and Grub
Trumpton, anyone? Mnemonics, particularly rhymes, make things easier to remember. Whether it is "Pugh, Pugh, Barney McGrew, Cuthbert, Dibble and Grub" or "Plan, Do, Manage, Review", make the compliance and security messages for workers (employees, directors
and contractors) simple and easy to remember and they are more likely to be followed, at least in the most part.