This is another post in our series on how to use Slack for Security. In this post, we discuss why you should be conducting employee risk and security surveys and why Slack is a great tool to do it. We conclude with an example survey template that can be used to kickstart surveys at your company.
Risk is the basis of all security programs. Risk is assessed in a multitude of ways, from vulnerability scans, to the volume of data stored and processed, to reviews of policies and procedures.
Employee, or human, risk is often cited as a major, or the major, risk facing companies today. This is because the majority of security incidents and data breaches come from actions employees take, most notably clicking links to fake websites (phishing) or installing malicious software (malware).
Collecting subjective data from employees in the form of user risk surveys is one more valuable source of data. While subjective employee survey data is not actual behavioral data (it doesn’t correlate 1:1 with the actions and decisions employees actually make), it serves a few valuable purposes for companies that choose to conduct these surveys and use the data as a part of a broader security and risk program.
If there’s value in user risk surveys, why don’t more companies do them? There are a few reasons:
Despite the above, there are good reasons to do user risk surveys.
There are many Slack apps that can be used to survey users. Search Slack’s App Directory for “polls” or “surveys” and you’ll discover there are lots of options that you can use in Slack to conduct simple surveys; here are the results for “surveys” - https://haekka-works.slack.com/apps/search?q=survey.
We’ve used different Slack survey tools. Some are fantastic. But the blocker we’ve seen with them for security and risk surveys is that they are not dedicated to security. Oftentimes, these apps are owned by HR and security does not have direct access to create or send surveys.
We added features to Engagements to make it super simple to create, assign, and complete user security and risk surveys in Slack.
Like most admin functions, creating surveys on Haekka is done on the web dashboard.
Now that you’ve created the survey, you need to choose who should complete it. You can choose to add individual users from Slack, all users from a channel, or users in your Slack workspace. Optionally, you can sync this survey to your Slack workspace or to a channel so all new users added will be assigned this survey.
You can see the assignment options below:
Assigned users will be notified of the survey on the date set as well as on subsequent dates if the survey is recurring. The survey can be completed by users entirely in Slack.
The data collected in the survey is available in the Haekka dashboard. Data in aggregate and over time is provided to empower security leaders to make informed decisions about their infosec programs and resources. Additionally, admins can drill down into the data to assess individual risk.
We created a video to show how easy it is to create, assign, and complete a basic password hygiene survey using Haekka in Slack.
Haekka is a security HQ in Slack. Train, stream content, ask questions, collect data, and continuously engage employees in the context of work. Schedule a demo and start a free trial today.