How to Run a Successful Security Awareness Training Program

01/10/2021 15:18 By Bill
Blog courtesy of KnowBe4

Written by Stu Sjouwerman

As we're now in Cybersecurity Awareness Month, thinking about how to strengthen your security awareness training program is probably top of mind.

Luckily, we've got you covered with helpful tips you can use to run a strong security awareness training program in your organisation! We asked our Security Awareness Advocates for their expert advice on questions like how to get started, how to motivate your users, and how to develop a strong security culture over time. While not an exhaustive list, here is a handy one-sheet with what they had to say:


Critical components of a successful security awareness program:
    • Use good, high-quality content that’s highly relevant to your users
    • Reinforce the training with regular simulated phishing attacks
    • Stay current with what is happening in real phishing attacks - mirror the topics and methods used by cybercriminals
How to motivate your users to do their training on time:
    • Lead with a carrot, not a stick! Reward users upon completion (could be a sticker, certificate, raffling off a gift card, etc.)
    • Make it a game and create healthy competition between departments or other groups
    • Get your leadership involved publicly - make sure it’s well known and seen. It will make the rest of the organisation want to follow in their footsteps
How to gain and maintain executive support for your security awareness program:
    • Speak their language: Don’t get too technical, and tie it to business objectives (risk, reputation, business benefits, profit and loss impact, etc.)
    • Address the “why” and how it helps your organisation be more successful
    • Talk about cybersecurity in the news, how it was a result of human error, and how this program will help to mitigate human error
How to measure the benefits of a successful security awareness program:
    • Track metrics like the phish-prone percentage of your organisation or number of phishing emails reported over time
    • Conduct surveys with different stakeholders to gauge their perception of the program’s success
    • Whatever you use to measure success, make sure it is defined, agreed upon and tracked
How to develop a stronger security awareness culture over time:
    • Evaluate your organisation against the 7 dimensions of security culture, and measure it against your industry’s benchmarks (we have done studies on this!)
    • Tie your security culture into your overall organisational culture so the two are not at odds
    • Understand that there is no fast track to a good security culture - by consistently following the advice above, you will develop a strong security awareness culture over time

We hope these tips can help you implement new-school security awareness training for your users. Here are more in-depth videos on our partner support site. Make sure you're prepared for Cybersecurity Awareness Month and beyond!

Get Your Free 2021 Cybersecurity Awareness Month Resource Kit

In today's hybrid work environment, your users are more susceptible than ever to attacks like phishing and social engineering. Cybercriminals know this and are constantly changing tactics to exploit new vulnerabilities. We've put together these resources so you can keep your users on their toes with security top of mind. Request your kit now to help your users defend against cybercrime whether they are fully remote, back in the office, or a combination of both.
Here's what you'll get:
  • Access to free resources for you including our most popular on-demand webinar and whitepaper
  • Resources to help you plan your activities, including your Cybersecurity Awareness Month Guide and Cybersecurity Awareness Weekly Planner
  • Two free training modules for your users: "Your Role: Internet Security and You" and "2021 Social Engineering Red Flags," both available in multiple languages
  • Resources to share with your users including Kevin Mitnick cybersecurity demo videos, infographics, tip sheets, awareness posters, and wallpapers
  • All assets are printable and available digitally, so they can be delivered to your users no matter where they are working from 

Bill