People Are Threats
People are one of the most dangerous security threats your business could face. They can unintentionally do things that could lead to security vulnerabilities or threats exploit systems. Lack of raising awareness on best practices and the correct rules will mean your employees are more likely to fall for attacks, such as phishing. Employees may also go rogue on the business by attempting to take the business down with them. Keep your organisation safe by being proactive in awareness training. Today we will be going through some of the reasons why you should consistently run awareness training for your business.
Reasons for Awareness Training
Forgetting to lock the door, turn the lights off or boil the kettle are examples of ways we could forget to do something. Even when it comes down to selecting secure passwords or to not leave documents out on your desk, you are bound to forget a few things. Awareness training is a great way to help employees continue to remember the not so regularly security tasks.
People Miss Out Things
Another reason for consistent awareness is because people won’t read their emails or information sent out. People can have busy days so might not be able to see information you have sent out. Whether you would prefer just to dish out courses online or not, you need to engage on both sides. Workshops, posters and Q&As on the policies you have in place for security purposes are examples of ways you can raise consistent awareness.
Is it really something to be worried about?
Additionally, people may not think of it as a problem or do things unintentionally. Mistakes can happen and it could have consequences on the business. Awareness is an important way to make sure people know what is best practice. By also doing this consistently you imply it is something to always keep in mind. When mistakes happen, target those people specifically and make certain courses mandatory based on current issues or what your business needs the most.
Short and Concise
However, when it comes down to policies you should always keep them short and clear. Describe it in a way everyone can understand as if the person has never used anything before. Creating documents with this in mind ensures staff can easily understand what the policy means. Creating something that is unclear may lead to employees misunderstanding what it means or be able to act on it correctly. It may also lead to employees skim reading the document and missing out important details.
Threat Intelligence – Keeping It Relevant
If you do happen to work in cyber security/ information security, it can be beneficial to check regularly for different attacks and issues. Even through engaging and organising awareness training, you will be constantly looking for news articles that might spark ideas for some relevant awareness training materials. With reading news items, it also enables you to raise awareness on potential threats to your business just by knowing what is current in the news. Anyways, my point here is to keep training relevant to what is going on in the wild as it keeps things flexible and not as repetative, which in turn will make awareness training a lot more exciting for those who may have been at the company and already seen all the earlier material.
While its great to be strict and shout at employees for doing things unintentionally, it won’t help them learn from the mistakes. Be human towards your colleagues and help them learn what to do next time. Through working with colleagues on case studies of earlier emails, threats or events you can help encourage more vigilant staff. If it works well, you will also reassured that staff members will be better ready for future threats.
You could also do targeted awareness training, this way you can make sure the most vulnerable people in your business are prepared for future threats, such as maybe you focus a huge majority of awareness training for those in departments who hold company confidential data.
Use Different Platforms
Email is not the only place to raise awareness on cyber security issues. Why not start a social page to share news and to start discussions, this way your awareness training has an interactive elements. By combining this with the likes of an awareness training platform your awareness training will have a better and more effective outreach. Additionally, posters, texts and regular updates via your social platforms can help. Examples of social media platforms you could use are: Padoq, LinkedIn, Facebook Groups/ Pages and Twitter but do keep in mind that those platforms are more for generic awareness on current news, etc.
Create Engaging Content
Media has its ways on people and by making what you’re posting captivating you will avoid employees from losing interest. Create content that describes the issues almost straight away and has a symbolic element to it that will help your employees remember what threats are. For example if you wanted to do a course on spear phishing, you could associate the content with a spear. At the end of the day, if the content sticks, it will help employees stay more vigilant.
Jump in on the Awareness
Do you want to be involved in a community based on raising technology awareness? We have the perfect page for you! Technology news & awareness is a Facebook page/ community aiming to share information on how to stay secure and related news items. You can find the page by clicking here. Additionally, the Dynamic Double blog have the latest experiences, updates and more so please check back regularly. If you have any comments or suggestions please feel free to share them below.