Employees Face the Brunt of Cyber Attacks
In the security awareness training world, frontline employees are viewed to be wearing the majority of the ‘brunt’ faced by ever-increasing cyber threats, regardless of software or hardware protection.
My son in the Air Force says, “Dad, employees have two job titles and don’t even know it. The first job is their main title: financial analyst, HR representative, and so on, but the 2nd job title is as a Cybersecurity expert. And if they don’t embrace it, they bring risk to the organization, and that’s simply unacceptable. So, companies have to prepare employees to be ready to face inevitable attacks and tactics.”
This perspective on cybersecurity is critical in today’s environment, given most coverage on larger attacks is centered around businesses and global enterprises. And here is where it gets interesting!
Security Awareness Learning
The stakes are high with cyberattacks and one mistake can quickly lead to job losses and fierce scrutiny from leadership. Companies have to figure out how to transform their organizations at the front line in a way that’s easy and effective. We need to move away from training and focus on how to help establish learning. Learning is output, training is input!
Many companies have security awareness programs, but not all security awareness methods are effective. With cyber threats coming non-stop, Employees have to demonstrate that 24/7 they understand what attackers are trying to accomplish and do their part to help their company keep risk at a minimum.
Helping an employee learn what to be prepared for from cyber threats must be an ongoing process that is relevant and empowering for the end user. Cyber criminals do not care if employees are in the office or a home environment, so the most useful security awareness learning addresses both environments
More content ≠ better awareness
The overwhelming majority of companies believe that generating and distributing “more content” (particularly video based content) is the answer to helping employees be more prepared in the face of cyber attacks. But how much of this is driving change in these organizations?
Employees are already dealing with information overload, and most IT teams are stretched to the limits in terms of resources and capabilities, so while videos are effective in delivering some types of content this does not translate as smoothly for awareness training.
For example, if a new cybersecurity threat emerged, the planning, production, distribution, and knowledge that the entire organization learned from the security message you are trying to engrain, video can present many challenges including long time to produce, high cost to create, and little ability to modify or change as security threats evolve.
Lessons from the President
The first President of the United States, George Washington, was said to be an incredible teacher. A giant of his time at almost 6’5” (while the average American was 5’6”), Washington understood you had to provide people with opportunities to learn. Show it to them, let them try it out and get a feel for it, and show them again. Giving someone an opportunity to learn something, show them how, let them try, and then show them again, and repeat.
This methodology worked to resounding effect and Washington’s men greatly respected him. Washington made sure he and his students covered all the relevant materials and gave them individualized training at the level they could comprehend. There is a lot we can learn and translate over to security awareness learning, and how to create a positive, robust security awareness culture.
For any of the awareness training your security teams are responsible for, striving for content that meets employees at their level of comprehension, at the relevant time, and enables multiple and regular learning experiences is critical to success.
This blog post was written by Rogers Turner Jr, Customer Success Manager at CybeReady
Ready to learn more about our fully autonomous security awareness training platform? Request a demo with one of our experts to find out if CybeReady is right for your organization.