As cyber threats continue to grow and online criminals attempt new tactics to trick employees into taking actions that can put sensitive data at risk, employee participation in security awareness training programs is more critical than ever. How can organizations effectively engage staff in security awareness training?
In 2019, we saw an explosion of ransomware attacks that impacted industry, government and hospitals, and the growth of attacks has continued and evolved in 2020 during the global COVID-19 pandemic. So, what best practices can create employee engagement, increasing participation and ensuring a constant awareness of threats?
Management’s goal should NOT be to use fear, uncertainty and doubt (FUD) as the primary mechanism to change employee behaviors, because scary headlines alone will not change end user actions. Rather, follow these three time-tested steps to improve your security awareness program and lower organizational risk.
Staff also want you to teach them things they don’t already know regarding technology and security, rather than constantly repeating the same materials over and over, year after year. Some tips include making the material helpful for work at home with families in addition to professional activities. Recent work-from-home (WFH) office moves during the pandemic in 2020 make home network security and practices a business priority.
Finally, talk with staff about topics that they are interested in. Target training to meet organizational policies and processes, but also ensure that training is useful in people’s personal lives and answers questions about new and emerging areas of technology, including the specific cyberthreats faced.
A common mistake is to try to pack too much into each lesson. However, if too many topics are covered, trainees become overwhelmed and discouraged. This can lead to a desire to just get the training over with – generally without a full understanding of the material or behavior change. And even if they go through it all, they’ll likely forget much of it. Bottom line: train well with professional materials on a specific focus area in short bites.
One final thought – measure your results. Ask staff, “Are you learning anything new? Is the content compelling?” Over time, observe whether behaviors are changing.
As you put into practice the above recommendations, you’ll see the participation in your security awareness program increase. You know you are hitting the mark when staff consistently say “thank you” and provide positive (written and verbal) feedback on the security awareness training they are receiving. Use these metrics to report results to management and continuously improve.