I would arrange a roundtable discussion with my colleagues to address the consequences of their behavior on the security and safety of both assets and individuals. Additionally, I would propose organizing a one-day workshop for all relevant colleagues and departments to prevent similar behavior in the future. Furthermore, we may need to review and update our security policies accordingly.

Actually, corporate workstations & phones should be locked down so tightly that there will be no compromise. If there is any "hole in the armor - it must be fixed". GPO settings, BITLOCKER, VPN/MFA, Deny USB devices are some great techniques to prevent technical security shortcuts. Most companies lock down for MAX hardness as a goal, and alternative flexibilities are not present However, folks can compromise non-TECH security (policies & best practices). Maybe "click-happy" users won't take time to inspect attachments or other guidance. Security awareness training can turn around things. Security will no longer be seen as a barrier, but vital protection for each person & the company itself. It's always good to not be RCA for an event

To address this risky behaviour, you need to first sit down and engage in a dialogue with them. This is to help you find out why they find the cybersecurity a hastle. You need to then find ways to explain to them the importance of cybersecurity over convenience. This is to make them understand why their behaviour would put the company at risk. You need to then find ways to let them practice cybersecurity measures but at a simplified way. This is so that they wouldn't find it as a hastle.

Addressing a colleague’s risky behavior of compromising cybersecurity for convenience requires a tactful approach. Start by having a private conversation to understand their perspective and explain the potential consequences of their actions. Use relatable examples to illustrate how small lapses can lead to significant breaches. Offer alternative solutions that balance convenience with security, such as streamlined workflows or secure tools. Emphasize the importance of collective responsibility in protecting organizational assets. If the behavior persists, escalate the issue to the security team, ensuring it’s handled professionally and constructively. Collaboration and education are key to mitigating risks.

# Educate and Raise Awareness 1. *Explain the risks*: Discuss the potential consequences of a security breach, emphasizing the personal and company-wide impacts. 2. *Share real-life examples*: Illustrate the risks with real-life scenarios or case studies, making the threat more relatable and tangible. # Offer Convenient and Secure Alternatives 1. *Suggest secure tools and platforms*: Introduce convenient, yet secure alternatives that align with your company's cybersecurity policies. 2. *Provide training and support*: Ensure your colleague understands how to use these new tools and platforms effectively

To address colleagues who prioritize convenience over security, consider the following steps: 1. Understand their perspective: Empathize and actively listen to their concerns. 2. Have an open and honest conversation: Educate them about the importance of security and offer practical, secure alternatives. 3. If necessary, escalate the issue: Document the problems, involve management, and lead by example. The key is to prioritize collaboration, education, and finding solutions that strike a balance between security and convenience.

To address a colleague compromising cybersecurity for convenience, I would first assess the specific actions being taken and then engage in a constructive, non-confrontational conversation. I’d explain the risks involved, such as data breaches and compliance issues, and highlight the importance of following security protocols. I’d also remind them of organizational policies and offer secure alternatives, such as password managers or two-factor authentication. If needed, I’d suggest further training. If the behavior persists, I would escalate the issue to leadership or the security team to protect the organization's security posture.