What are the challenges in enforcing security policies in an organization when they have not been in place previously?

After a new security policy is drafted and implemented, enforcing it and ensuring it is followed comes with its own challenges:

  • Resistance
    Most people's first instinct when faced with change is resistance. The security team needs to be aware of this and be resilient and persistent in educating the personnel affected by the policy and convincing them of its importance.
  • Old habits die hard
    Employees are used to doing things a certain way and can slip back into old practices that violate new security policies out of sheer (bad) habit.
  • Constant monitoring
    The security team has to allocate resources and time for a considerable period after pushing out the new policy to constantly monitor the activities of employees and ensure policy adherence.
  • Disciplinary actions
    The security team (and possibly the HR and legal teams) must be prepared to follow through with the disciplinary actions listed in the policy when it is violated.
  • Regular training
    The security team must conduct regular training to ensure that the personnel involved understand the need for the policy, its importance, and the strict consequences of not following it.