It can be tempting to start deploying security awareness training as soon as the resoures are available. But you only get one chance, and it makes sense to plan it out.
Phase 1 – Assess where you’re at, including exec inputs
Phase 2 – Plan the content roll-out for both risk and compliance
Phase 3 – Engage business unit management to plan their roll-outs
Phase 4 – Create messaging to set expectations
Phase 5 – Begin roll-out of course content and assessments
Then do periodic assessments of knowledge and how the process is working, so you can make adjustments.
It’s tempting to “just start doing something”, and there are some things you can do. But if you get too far down the road without planning it will be hard to make time for planning later and to make significant adjustments without it looking like an ad-hoc program.
Photo by Ryan Putra on Unsplash
For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges. (Limited time offer. Normally valued at $999 USD)
Use Promo Code: 6WEEKS
That won’t build credibility with executives.
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.