Although heavily targeted, employees are your first line of cyber defense. With the right training, they can prevent a business-threatening attack by following the procedures established and taught during training. Use these 7 techniques to increase retention and bring new light to the importance of fighting cyber-attacks from the front line.
Security awareness cannot be an afterthought or an ad hoc program (if it is, it’s already too late).
You need clear and consistent communication with employees emphasizing both risks in the business and potential attack strategies. Regular risk updates and any new information should be communicated as necessary to avoid falling victim to new tactics.
Sure, training programs can be as simple as watching a few slides recorded on a webinar platform, but that can also be boring and cause employees to tune out this valuable information. Increase retention and application with interactive training modules that require participation and proof of knowledge.
When people haven’t experienced a cyber-attack first-hand, they may have more trouble spotting red flags or believing it could happen to them. Share recent phishing attempts, detail phone scams and show screenshots of compromised software and websites to provide real-life context to the risk.
A two-hour security training where someone reads off of a screen or talks at the participants could be considered cruel and unusual today. Make it tolerable by breaking up the subjects into easy-to-digest, 15-minute modules spread over the year. Another option is to present a topical security update every six weeks to keep employees thinking about security on a regular basis.
The security threats for engineers are different from those received by the sales and marketing department. Because attacks on these different groups are targeted and unique, their training has to be too. Consider the risks associated with each department and ensure the appropriate threat vectors are addressed during training.
Dare we suggest… make security training fun! Test and reward employees using one of the many platforms that enable gamified security training. Launch a fake phishing attack and reward the employees who follow the correct procedures. Get creative and make it part of your culture.
Organizations are full of different types of people, and every one of them needs to be trained in a way that increases retention and application. Vary the platforms, placements and communication of security reminders throughout the office. In addition to email, consider “potty posters”, screen savers, internal signage, instant message platforms, office screens, announcements, etc.