Updated: April 1, 2024 10 Things

10 Things I know about ... Security training

Janelle Drolet is vice president of operations and sales for Towerwall, a cybersecurity consulting firm based in Framingham

 

10) Become security aware: Organizations face the enormous challenge of safeguarding data from complex cyber threats. Human error still accounts for 95% of security breaches, according to the World Economic Forum.

9) Employee accountability: Security lies in what employees know and are trained to know, the tools at their disposal, and how they respond to phishing attacks.

8) Build a human firewall: By regularly conducting simulated phishing exercises seven times a year, organizations can train their workforce, cultivating their intuition and muscle memory to combat threats.

7) Limit tech overreliance: A holistic approach considering people, processes, technology, and oversight is necessary for security enforcement.

6) Awareness vs. action: Fostering a culture of security-minded behavior requires motivation and participation. Develop a shared sense of responsibility.

5) Communication challenges: Communicate concerns to all department levels without jargon. Security professionals should stress the financial fallout from an attack.

4) Behavior science: Understanding motivations, discouragements, and responses to phishing tests can make training more effective in creating a strong security culture. Use the carrot, not the stick. Never humiliate someone who fails a phishing test; instead, highlight the risk to the business.

3) Tailor training content: Tailor the training content to various groups or departments depending on their security maturity. Use fun incentives like gamification, gift cards, badges, and team vs. team contests.

2) Buy-in from the top: Leaders should set an example by taking the training. Employees need to hear about the potential for business disruption and costly remediation of a cyberattack.

1) Integrate awareness with new tech: As new technologies like AI and blockchain become more prevalent, employees must be trained to manage their security aspects.
