Security Awareness Training should not get overlooked. In the massive cybersecurity landscape, the attention to having a sound and dynamics security awareness program maintains a high priority.
If we walk back down memory lane elevated to a point of hosting a meeting or lunch session, but lunch was the drawing factor to people attending, and then a few may have asked questions during the meal crunching. The ever-present sign-in sheet was available to record attendees. The importance of the laborious work had not achieved the business support for mandating attendance from senior leadership, nor viewed as a vital area of importance in overall employee training from the Compliance, HR, or Legal departments.
The various cybersecurity frameworks, emerging compliance, and privacy regulations, always include sections to identify how Security Awareness Training is being provided to employees. Businesses for-profit and non-profit are included, as risks donot discriminate. The evolution has also changed the internal acceptance within companies– yes, Senior Leadership is now more supportive. The support has been assisted by a few well-known industry breaches, nevertheless eyes have been opened to the importance of Security Awareness Training.
“Invest the time to align with a vendor that has dynamic content to cover a variety of subjects/areas”
The growth of Security Awareness Training content available from vendors has grown. Invest the time to align with a vendor that has dynamic content to cover a variety of subjects/areas. Also consider the vendor’s ability to provide forward-thinking in the delivery of the content. If your organization needs a little humor for the message to be received better, take that approach. If your company needs gamification to create the buzz, take that approach. Gamification can be useful, as everyone likes to win prizes or get a little company “swag”. In the end, your message has been delivered. You as the Cybersecurity Leader, are pulling the right levers at the right time. Demonstrating you have your finger on the pulse, to educate the employees on cybersecurity risks and countermeasures. An interesting thought…..how the ol’ free lunch has evolved to getting swag…
The IMPACT of Security Awareness Training, is captured with the information below expanding on IMPACT in a different manner.
• I - Innovative. This approach does not always imply highly technical but does require you as a Cybersecurity Leader to have an innovative approach. Ensuring you are meeting the needs of your employee base.
• M - Measure & Monitor. Establishing good processes to gain insight on emerging risks and how the Security Awareness Training is being assisting in mitigating the risks. Also, helpful to support future funding.
• P - People, People and People. This is a soft science, but so essential. The employee base you are targeting, but also your Cybersecurity Team. Keep in mind your team’s ability to work with the employees and be kind. Utilize opportunities to educate users and not degrade them.
• A –Availability & Accessibility of Content. Consider how to ensure your Security Awareness Training content can be consumed by the employees in a variety of manners.
• C -Communication. The vendor application you are using is good, but don’t get too comfortable. The ability of you and your team to communicate in a very clear and concise manner is essential. Every meeting/project is an opportunity to communicate in a manner appropriate to the situation.
• T -Tenacity. The points above were calming, but this is the fire within you and your team to be laser focused on execution.
Security Awareness Training has been and will continue to be a vital portion of your Cybersecurity Program. Remember it was there at the beginning, keep maturing aspect of your program. Communicate with other Cybersecurity Leaders, share ideas on what has been good and not so good. We as Cybersecurity Leaders deal with risks constantly, therefore we must remember the IMPACT of Security Awareness Training.