Security Awareness Implementation Guide
It All Starts With Onboarding…
It’s crucial to instill the importance of security from the very beginning. New hires are often targeted by cyber criminals because they don’t know many co-workers and are more likely to follow direction from someone who pretends to be an executive.
What's in It for Me?
People are more accepting of learning when it’s personal. So make training personal and teach them how to protect themselves at home; they will soon apply the same behavior in the workplace.
Stay Away From Just Ticking the Compliance Box
If employees don't understand the importance of security, they won't take it seriously. And don’t make it a once-a-year thing; it should be a continuous effort all year long.
Get the Boss (Or Leadership) to Buy-In
Show how security training aligns with organizational goals and specific targets. Remind them that they have a huge target on their back.
How to Convince Your Boss to Invest in Security Awareness
Getting the Employee to Buy-In
Establish a supportive presence by creating a circle of influencers who will act as ambassadors of the training program.
Your Ambassador Program
Don't Judge People When They Make Mistakes
Create an open culture where everyone can ask questions without fear. Whenever mistakes happen, use them as teachable moments and not to cast judgement.
Engage and Follow Up
Training is not “set and forget”. Ask employees for feedback and be open to constructive criticism.
Keep it Simple and Real
Don’t assume employees have a technical background; use simple terms and real-life examples they can relate to. And don’t make it childish: adults don’t appreciate content that looks like it was taken from a kids’ TV show like “Dora the Explorer”.
Face-to-Face is Still a Thing
Training in a classroom is still a thing and very effective. It is usually more expensive, but if you have the budget, don’t rely only on automation: do offline training once a year in addition to your online training.
Make it Easy to Consume
Employees think like consumers, and you don’t want them to disengage, so make training frictionless. For example, it should be accessible through their phones with a single click.
Tap Into Existing Resources
Collaborate with HR or the marketing team to create unique content and embed it into existing communication channels. For example, create posters and hang them in the coffee area, write a blog post, or publish a newsletter.
Avoid Surprises
Many people don’t like being surprised at work. So if you are planning to run a phishing simulation, for example, let people know in advance and explain the goal. It may keep them on their toes as they look at every email as suspect.
Get Your Message Across Fast
People are busy, so be short and to the point. Find a balance that keeps awareness training continuous without overwhelming or boring your team.