Security awareness is an ongoing process. A one-hit education program is not enough to make the awareness stick. Viewing a series of click-through videos has its place, but to truly develop the awareness factor the end user must be exposed to a variety of training in order to make the program successful.
Keep in mind that different people learn differently. Some learn better by visual or audio cues, others by hands-on or group activities. That is why it is important to build your program by incorporating multiple layers.
By taking advantage of professional development opportunities, you can create real-world educational exercises. Bring in outside industry professionals to speak about best practices or common ways that users can protect themselves. Use current events as teaching moments.
Don’t forget to utilize your organization’s bulletin board service to drop short tips, tricks and reminders. Micro bursts of training are highly effective.
Use posters. Change them on a regular basis and post in high-traffic areas like common areas, hallways, cafeterias, offices and lounges.
Gamification is always a fun way to incorporate educational moments with interactive fun. There are lots of online resources to assist with this. Here are some links we have collected.
Simulated phishing campaigns are also extremely important for your program. Phishing is the number one way criminals harvest user credentials, spread malware and ransomware and invade your network. Cyber criminals have found that the easiest way to steal your data is just to trick you into giving the information to them. Related reading: "Phishing is Your Company’s #1 Security Threat, Risking Information, Company Data."
MOREnet has created a series of security awareness screen savers. Conduct a contest and have your staff create their own screen savers or posters. By placing the responsibility into the end users’ hands, you are creating an environment of awareness that sticks.
Take advantage of October’s Cyber Security Awareness Month. Use this event as a learning/teaching opportunity. There are lots of resources to assist you. StopThinkConnect.org is a great resource.
Set a positive tone for your program. Have rewards for users who report potential security issues or actively contribute to the overall program in some way. When users fall for a phish or click a malicious link, encourage them to report the incident and provide feedback on why it is important to be aware and what the repercussions are. An understanding of the direct results of an action can be the best way to transform security awareness.
Make sure to develop a way to help measure the success of the program. Track the dates and target audiences and measure your program’s effectiveness. That way you will know if the activity was successful or adjustments need to be made.
An ongoing cyber security awareness program will help you keep your organization and users safer in the cyber world. These are lessons that will become as natural as tying your shoelaces so you don’t trip yourself up in the ever-evolving cyber landscape.