How to Highlight Security Awareness Training to Employees’ Needs

Written by  Feb 23, 2018

Security awareness isn’t just education, communications and training. It's a mindset that should involve everyone from top to bottom.

It needs to be a credible program that people want to be a part of and learn from. It should be relatable, from a business perspective, but also from a personal perspective. It requires managing people, groups and projects and creating a plan to disseminate relevant information to employees who all need to understand that they are stakeholders when it comes to the security of the company and its staff. It involves equipping your employees with the knowledge they need to spot the threats and take appropriate action that aligns with your company policies. It should be a crucial component of any security program.

Employees are often considered to be the weakest link, but they can also be a huge asset to any security team if they are given the right tools and training. The old cookie-cutter approach of pushing one annual required training to employees, with a phishing test scattered here and there, just isn't enough. In order for your employees to play an integral role in securing the company, they need to be given the right tools that are up-to-date and continuous, and they must feel enabled to make a positive impact. The best way to set the precedent for this is to give employees an understanding of the security program from day one: cover security policies and common threat vectors that are seen at your organisation, and discuss the role employees will play in securing the business.

Associates should be made to feel like they are truly part of the program with open dialogue and discussion through various means. This can include both push and pull training such as articles, newsletters, competitions, phishing tests, emails and presentations throughout the year. Effective communication is ongoing and can be done through discussion boards with direct contact to the security subject matter experts. Make some, if not all, of the security team readily available to address employee questions and concerns through a group mailbox that employees can use at any time. This will also give the security team good insight into the current threat landscape of the company as employees report suspicious activity and further their knowledge and understanding of the security threats by asking questions.

Test your employees with real-world scenarios. Employees are going to be receiving real phishing threats in their email box, so why not test how they would respond to a real malicious message in a controlled environment through real hands-on experience? This in turn will make employees fully aware that what they clicked on was a test and could have had detrimental effects if it were real. And from a security awareness program perspective, you will gain measurable metrics that can be communicated to the security team and the company.

Don’t just base your program around policies and requirements. Survey your audience and find out what their security concerns are, both at work and at home, and what they want to see and hear from the security team. A survey can also be utilised to gain metrics on the current security position of the organisation and progression year over year when the survey is conducted. When employees see their areas of concern being addressed, you will grab their attention and they will feel like an integral part of the whole process.

Ensure that you consider your audience when creating security training content and tailor it accordingly. Some groups will have more knowledge than others, and each training and communication should reflect that. Don’t assume all your employees aren’t technical because if you take that approach you will lose the attention of those who are. Also, give your employees the ability to do something when they notice something suspicious by offering numerous reporting mechanisms and giving them the background knowledge necessary to make that determination.

Creating a culture of security aware employees is a big task and can take a lot of time and effort. If you cannot spare a full-time employee to do this task, then a committee of security liaisons could be established to be the ambassadors for security through different sectors of the business. This helps create an even larger security network within the company with active participants endorsing security on your behalf. Security is truly a company effort with all hands on deck, with the security team playing a crucial leading role as specialised subject matter experts in their areas to help implement an impactful and lasting cultural transformation. There are only so many people that are employed as part of the security team, but it can be in the company’s best interest to turn every employee into a skilled security participant that can be leveraged to have more eyes and ears on the threats.

While security tools have always been considered a necessary part of a security program, it is also imperative that security awareness now be considered a requirement as well. Cultural change can be implemented by ensuring employees have enhanced protection and security through increased security awareness. Every employee should be prepared to play a role in securing themselves, their company and its assets. Security awareness is a crucial aspect, and enabling all employees and organisations in your company to work together will help to achieve a sustainably successful security position for your company.
