Starting A Cyber Awareness Program…

August 14, 2019

Our staff, as a whole, is our weakest link when it comes to the security posture of the organization. It is our staff that lets their guard down due to workload and it is our staff that configures and deploys our information systems across the enterprise. Most people think that our IT Department is the most critical component of the Cyber Awareness Component, but even with the most comprehensive security measures in place, a quick mishap with a user providing credentials via a phishing attack is enough to circumvent those measures.

Having a successful Cyber Awareness Training session involves the whole organization, and it starts from the C-Suite buy in. If you do not have the C-Suite buy in and support, then your staff will also feel that the program is not necessary. Show the C-Suite the importance with statistics on the benefits, then you will have their buy in and support – it will go a long way in having the rest of the staff understand the importance of it.

When developing a program, having short, concise and focused content keeps the end users interested in the content and promotes discussion. The content does not have to be in the form of videos that are an hour long with quizzes at the end. You can have short videos with discussions at the end of each one – making the content engaging while promoting discussion. The goal is to keep it as creative and informative while making the staff feel like they are part of the solution. This will also provide the ability to update the training more frequently, keeping it up to date since it has a more fluid approach as new topics come up during the discussion.

One final thought on Cyber Training – make sure that you discuss Physical Security. Threats do not just come in the form of electronic/digital. Physical security plays an equally important role in protecting your organization. Having discussions about leaving devices logged in, documents with sensitive information open to public view and how to properly destroy documents are just a few examples that can be discussed.

As always, Slate is here to help you and your organization navigate these waters and promote awareness in an efficient and positive way. Reach out to us and we can discuss your organizations Cyber Awareness needs…