As graduates progress they can be awarded points that earn rewards appropriate to the organization, such as certificates, prizes, corporate perks or monetary bonuses.
2. Monitor graduate behavior. This adheres to the old adage of "trust but verify." The idea is that the IT department should monitor certain aspects of graduates' IT usage so that their managers can better understand how well they are adhering to security best practices and intervene when necessary.
4. Make security easy. One way to reduce graduates' temptation to use consumer services is to ensure that there are enterprise-grade alternatives that are attractive and easy to use.
So while it may be hard to get a graduate who has grown up with Gmail to start using an email client like Outlook that they may see as ugly and unwieldy, it may be easier to wean graduates off Gmail by providing alternatives. This could be something as simple as Outlook Web Access, or a more sophisticated alternative like offering access to Exchange data on a mobile device such as an iPhone or Android tablet using ActiveSync.
5. Run a security event. As an example, Levine says Intermedia runs a "Hacktober" event every fall. During the event the security team does everything that it has warned graduates against, such as leaving USB keys around (that contain harmless malware) and sending out phishing emails (which also do no real harm).
The team can then contact any graduates who pick up and use these USB sticks or who respond to the phishing emails, and graduates can gain kudos by reporting that they have spotted these planted USB devices or phishing emails.
6. Quick win. If there's one single thing you can do to make a big difference, Levine believes it is to drum it into new graduates that they need to use separate passwords for each corporate system or application that they log in to.
It's important to make sure that these are different to any passwords they use to provide access to consumer services. Consumer services are tempting targets for hackers because they often have poor security, and if a hacker can get a password from a consumer service that's also used in a corporate environment, that presents a significant security risk.