Janelle Drolet, vice president of operations and sales for Framingham-based cybersecurity consulting firm Towerwall, shares some tips on security training.
10) Become security aware: Organizations face the enormous challenge of safeguarding data from complex cyber threats. Human error still accounts for 95% of security breaches, according to the World Economic Forum.
9) Employee accountability: Security lies in what employees know and are trained to know, the tools at their disposal, and how they respond to phishing attacks.
8) Build a human firewall: By regularly conducting simulated phishing exercises seven times a year, organizations can train their workforce, cultivating their intuition and muscle memory to combat threats.
7) Limit tech overreliance: A holistic approach considering people, processes, technology, and oversight is necessary for security enforcement.
6) Awareness vs. action: Fostering a culture of security-minded behavior requires motivation and participation. Develop a shared sense of responsibility.
5) Communication challenges: Communicate concerns to all department levels without jargon. Security professionals should stress the financial fallout from an attack.
4) Behavior science: Understanding motivations, discouragements, and responses to phishing tests can make training more effective in creating a strong security culture. Use the carrot, not the stick. Never humiliate when someone fails a phishing test but highlight the risk to the business.
3) Tailor training content: Tailor the training content to various groups or departments depending on their security maturity. Use fun incentives like gamification, gift cards, badges, and team-versus-team competitions.
2) Buy-in from the top: Leaders should set an example by taking the training. Employees need to hear about the potential for business disruption and costly remediation of a cyberattack.
1) Integrate awareness with new tech: As new technologies like AI and blockchain become more prevalent, employees must be trained to manage the security implications of those technologies.