Author: Kevin Rubin, president and CIO, Stratosphere Networks
If you’ve ever watched a G.I. Joe public service announcement, you’ve heard that knowing is supposedly half the battle. While the exact percentage is arguable, knowledge certainly makes up a sizable percentage of any effective anti-cybercrime strategy.
A lack of awareness about best practices for optimal IT security can certainly prove disastrous for your business: A study conducted by Stanford University Professor Jeff Hancock and distributed by Tessian Research found that a whopping 88 percent of data breaches result from human error.
Consequently, keeping your team up to speed on the threat landscape and proper data protection procedures is vital if you want to avoid costly, reputation-damaging security incidents.
As we look forward to 2022 and beyond, consider the following tips for strengthening your security awareness training program and maintaining optimal cybersecurity posture.
1. Identify the biggest threats to your organization. Routine security risk assessments and vulnerability scans can offer a helpful snapshot of the ways hackers could potentially infiltrate your network. As your IT environment changes (e.g., through the adoption of remote work solutions), you’ll want to reassess your weak points and pinpoint new threats. Once you’ve identified the most likely attack methods, you’ll know what to focus on in training sessions.
2. Incorporate simulated attacks to test your team’s abilities. For instance, we utilize training software to execute false phishing attacks (a.k.a. spoof phishing) to see how well employees have absorbed information on how to spot suspicious messages.
3. Address best practices for secure remote work. If some or all of your employees work from home or locations other than the office at times, you should inform them about best practices for keeping data and devices safe while they do their jobs remotely. For instance, you should ensure they don’t leave devices that contain work-related apps and data unlocked and unattended at home, according to the Kaspersky Daily blog entry “Remote working safety and security.”
4. Get support from your company’s leadership team. C-level endorsement and participation can have a considerable impact on the success of your security training program, according to the KnowBe4 white paper “Building an Effective and Comprehensive Security Awareness Program” by Joanna Huisman. They need to be informed like anyone else in your organization, and their support is essential to establishing and maintaining a security-first company culture.
5. Reward good behavior. Don’t forget the power of positive reinforcement in the realm of behavior modification. Distributing gift cards or certificates or even just giving people shout-outs for secure behaviors (e.g., successfully identifying a phishing attempt) can go a long way in motivating people to pay attention to security, KnowBe4 advises.
Overall, these tips should help you get started, but remember that the landscape will inevitably change. You’ll need to make an ongoing effort to keep educating your team and revamp your training program as cybercriminals change tactics.
If you have any questions about optimizing your security awareness training, our security team would be happy to assist you. We have extensive experience carrying out employee security awareness training and can offer expert guidance on the best ways to keep your team informed about emerging and evolving threats.