As Q1 of the new year blasts off, you might feel eager to jump into your 2024 security awareness program immediately. However, before launching any new initiative, it’s important to ensure you have the proper support and understanding of your team.
With this in mind, consider kicking off the year with 1-on-1 discussions with each employee. Use these talks to gauge each team member’s capacity, their perception of last year’s training, and what they will need to learn more about in 2024. Taking time for these 10 questions will help you gain valuable perspective and guarantee that your efforts will be worthwhile for both individuals and the company overall.
Here are the ten questions you should ask before kickstarting your 2024 security awareness program:
Understanding the projects your team will be working on this year can help tailor your training to specific needs. For instance, if your marketing team is working on a new project that involves using data that they typically don’t have access to, you’ll want to add specific group training for that team for handling high-security data.
Knowing this will allow you to have these customized groups and targeted training ready in advance, so teams don’t unknowingly start working on projects without proper security awareness training.
The best security awareness training programs are engaging. The best way to figure out which type of content engages your employees the most is to just ask them. A lot of times as security managers, we forget that listening can be our best tool.
By asking this question you’ll be able to get direct answers from your employees on what they can commit to completing and will enjoy doing. Maybe they enjoyed your in-person workshop the best or liked having PDFs to review the content they learned. Either way, you won’t end up wasting time making courses for your 2024 security awareness program that everyone will hate doing.
Similarly, understanding what didn’t work in previous training is just as important. This can help identify weak areas that need improvement or areas that may benefit from a different training approach to better engage and educate team members.
Maybe you thought everyone would enjoy at-your-own-pace video training, but everyone found it hard to schedule the training themselves. This question will help you catch possible improvements that you might not have identified yourself.
If new roles are being added to your team, it is crucial that you know not only what they are but also what their daily tasks will include. Ask your team members about any new roles that will be created in the new year, and ask for a description of their tasks or even a link to the job description.
This way, you can identify any new threats that will be added because of this role. For example, let’s say your team is now able to hire a Customer Relationship Manager. They’ll be dealing with loads of customer information, unlike any other role before. So, you’ll want to add additional training to your 2024 security awareness program for customer information protection for them to handle the data safely and securely.
Third-party vendors can pose a security risk, especially if they handle sensitive data or have access to critical systems. Understanding which vendors your team will be working with and ensuring they have the necessary security measures in place can help mitigate these risks.
Ask your team members not only who they are working with but also what exactly they have access to and what tasks they will be completing. Decide if you want to either limit third-party access or have each third-party vendor complete security training to protect your business.
Knowing this ahead of time will keep you from being blindsided by an unexpected amount of additional training you need to add to your program.
Don’t forget that security awareness training is not only for your company; it’s also for individuals. Help your team members get the most out of your program by asking what their biggest worries are. What do they want to learn about this year? What have they always been curious or nervous about?
This not only shows your team members that you are working with them, but it will also help keep them engaged by adding content that they will be excited to see.
You can have all the resources in the world, but if your team members don’t know about them then they are useless! Sometimes, it’s not about your content, but it’s about how you market it. Does your team have a #securitynews Slack channel that your team members can join but no one knows about? Or office hours where people can come and ask questions that no one comes to?
Ask this question to gauge the awareness of your awareness program, which will tell you how much more you need to communicate to your team.
Knowing where your team receives most of their communications can be helpful when deciding how to communicate new security information effectively. If everyone talks on Slack, it doesn’t make sense to be the only team sending out notifications by email.
Additionally, if your team only communicates by instant messaging and not email, then you could omit or reduce your training on email phishing. There’s no use in training your people on platforms they don’t use in the first place.
This is a great question to ask at the beginning of the year and at the end of the year. By comparing the two answers, you’ll be able to see the effects your awareness program has had on your organization’s security culture.
Don’t forget to grab any other KPIs you’ll want to compare to at the end of the year! These will be great to show your executives.
Lastly, with many organizations offering remote work or hybrid work options, security concerns are evolving. Understanding where your team will be working from will greatly change the content of your program.
The team’s direct concerns around remote work can help tailor the training to address any risks and best practices for remaining secure while working remotely.
One of the key aspects of a successful 2024 security awareness program is communication: both talking to and listening to your team. By engaging with your employees at the beginning of the year and understanding their needs and concerns, you can tailor your training program to better suit their learning styles and bridge any gaps in knowledge. Remember, employees are the best resource when it comes to identifying potential vulnerabilities and preventing attacks. So, utilize their feedback and involve them in the process as much as possible.
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was the creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.