You don’t need a large library of security awareness training content to get the most value from your program. Why keep bombarding all employees with new guidelines?
Employees will be paralyzed if you don’t do these things:
1. Identify the top risks to the organization
2. Explain how they can be a target
3. Show them a variety of cyber attacks
4. Provide a safe place to practice
5. Give them feedback and rewards for participating
Focusing employees on the top risks and helping them spot clues more effectively will pay the biggest dividends. Showing them examples of security incidents caused by phishing and social engineering attacks will reinforce the patterns they need to be looking for.
“The challenges were so quick I was able to do them in the time it took me to sip an espresso.” – IT Security Manager
Don’t worry about maximizing the range of security topics covered in training. Focus on what will impact the bottom line to get the most value from awareness training.
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions about cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was the creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.