Need three email template to encourage my employees to complete Security Awareness Training.

Two more weeks left before the deadline and I still have a number of employees who have not yet completed the training. I think at this point, I need to send an email to the management team to have there subordinates complete and acknowledge the security policy, and also an email targeting those that have not completed their training that there account will be locked if they do not complete it before the deadline.

That said, can someone please help me come up with a few email template for:

1) Email to management team to encourage their subordinates to complete and acknowledge the security policy.

2) Email indicating there account will be locked if they do not complete training before the deadline, because they are deem a security risk.

3) Email reminder to take security courses before deadline (this is the third reminder email by the way). If employees still do not comply, I will schedule a meeting session with them to go over security awareness.

The challenge is dealing with the executives, who thinks they are to good for this and it's a waste of time. I'm sure I will have the buy in from my VP of IT to locked out users, but I'm sure the executives will have a fit about that.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I know you're asking for templates and forms of words, but consider the following first:-

The problem you seem to be facing isn't so much one of wording, but rather one of motivation and enforcement. You understand the need for security awareness training for employees, and the company has at least a dim awareness that such training would be a Good Thing; however, unless you have the unequivocal support of senior management in delivering this course then you're wasting your time.

In the worst case scenario you'll be made the scapegoat for any failures in implementation of the course, and even if you avoid that fate then the reluctant beneficiaries of the course will pay no attention to the principles of safe and vigilant internet and email usage and things will continue as if it had never happened.

Locking users' accounts is unlikely to be productive, as the employees will still turn up for work; preventing them from working once they are in the office (or wherever) by denying them access to the system and then not paying them because they're not working is likely to be a legal minefield. Threatening them with meetings about security awareness if they don't play ball by the deadline will be like scolding teenagers - it will go in one ear and out the other, bypassing the brain completely.

It's not just taking the course that matters; applying its lessons is the whole point of the exercise, and if employees aren't willing to learn and do then sanctions must be applied. If the executives (whatever they are) are leading the charge in non-compliance then they have to be dealt with first.
The Horrible Example approach might work well here - no course, no job, no exceptions. Another sanction, which would be ongoing, would be to make individual employees personally responsible for matters arising from their carelessness in allowing threats to compromise or damage any aspect of the company's activities, with such offences automatically invoking the appropriate level of clearly defined disciplinary action; this would ensure that the lessons from the security awareness course would be continually applied as part of the warp and weft of the working day.
Having said that, all stick and no carrot management is counterproductive, so perks and rewards could be made available to those who do embrace the concept and practice of proactive defence against internet and email threats. If the organisation is large enough then there could be interdepartmental competitions and league tables in which the best-performing groups might be given time off, or cinema tickets, or pizzas, or whatever works best for the company and employees concerned. Even in a small outfit a little imagination can devise effective incentives for rewarding those who are alert and proactive in protecting the company.

Change is often accompanied by conflict, and some of the problems you face appear to be due to a tacit policy of conflict avoidance, even when the latter isn't helpful. The language you use when outlining what you want the templates to cover shows this: "encourage", "indicating", "scheduling a meeting" are all indefinite terms that allow plenty of wriggle room for the unwilling.

It sounds as though you have to sell this security awareness thing to the senior management first and get them on board because until you have their full support in getting these measures in place and working, no amount of gracious prose and veiled pleading (for that is what it will be) is going to change the current mindset; if that high-level management support isn't forthcoming and sustained, you will be on your own... If it does materialise then your language should still be polite, but firm and decisive as well.

If senior management at your company act like politicians, promising you everything you need and delivering little or none of it, then if you can't change minds perhaps you would do better to change organisation.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.