Training cyber security behavior in your organization is important and helps defend against cyber attacks like a shield. We take a different approach to cyber security training and focus on behavior, teaching people how to use cyber security skills and building a sustainable culture of cyber security within your organization.
“Today’s security awareness training focuses too much on awareness and too little on practice.”
Let your people practice and learn to use cyber security skills, using cyber attacks based on threat scenarios specific to your organization. Learning by doing!
Learning by doing
There are two main reasons why today’s security awareness training does not work. First, there aren’t enough practical exercises. The training often consists of voluntary e-learning materials, such as videos, PowerPoint presentations, and interactive exercises.
Second, security awareness training currently focuses too much on increasing awareness. Awareness in itself isn’t enough: it has to lead to correct action. In the domain of social engineering many attacks reach their goals no matter how aware their targets are.
Hackers behind phishing attacks aim to tap into people’s emotions. If you generate enough fear or threat, a person will easily do something irrational, like open a shady attachment, even though they know perfectly well they shouldn’t.
Security awareness training shouldn’t be approached from the point of view of fear, threat or worst case scenarios. Instead, employees should be encouraged to understand and discuss security issues in the context of their work.
Efficient training is an opportunity to build a sustainable culture of cyber security within a company.
Focus on how to respond to cyber attacks
Your people can help you shield your organization from cyber attacks. When you involve your people in information security training, you provide them with up-to-date know-how on cyber threats.
But it’s not enough that they are aware of the risks. They need to be able to identify different attack types, and they also need to know how to act once they detect that something is wrong.
“To change or improve your people’s behavior, practice is key by learning to use the right skills.”
When you include people in your practical security awareness campaign, you equip them with the right knowledge and skills. This can create a shared sense of responsibility and accountability.
By engaging all people from your organization, you communicate that everyone in your company is responsible for security.
Create a human cyber security shield
You’d probably not think twice about investing in information security technology to protect your organization. Gartner forecasted that in 2019, companies would spend 124 billion US dollars on defense technologies.
Since most incidents start with human error, you should also spend money on teaching your people how to respond to cyber attacks. People making errors put your company at risk.
You seriously need to consider improving your defenses. Without being able to recognize the threats, your people are easy targets for hackers.
“As we spend more time online and cyber attacks become increasingly common, it’s essential that people recognize the threats and know how to respond.”
You should encourage people to behave the right way while they are at work, but also highlight that you provide them with an essential skill set to be more secure in their private lives while browsing the internet, using email, or shopping online.
This is the knowledge that they can also pass down to their colleagues, customers, families, friends, or their communities.
Help people recognize cyber threats
First, people should be aware of the most common cyber threats:
- Spear phishing
- Social engineering (fake identities, clickbait, sneaky tactics used by hackers to get company information)
- CEO phishing scams
These threats could result in a severe data breach or other consequences, such as paying criminals millions of dollars to secure your information.
Cyber security is a constantly evolving area. Hackers move fast, and they come up with new attack types all the time.
“You need to make sure that you keep your people’s cyber security skills updated, by not only communicating to them the different attacks but also by allowing them to practice and learn by doing.”
Unskilled people are the biggest risk
Unskilled people are the biggest threat to your organization. When you think about the learning topics, remember, it doesn’t need to be complicated. Learning can be super simple, but it should still cover essential areas.
“The emphasis is on continuous learning. Remember to update and repeat the training regularly. Repetition is the key to creating a habit.”
Frequent practice means that employees can become accustomed to cyber threats like phishing or social engineering. If they fail some of the exercises, at least they fail in a safe environment.
People who know how to behave securely in cyberspace will add the most critical layer of defense to your cyber security.
Cyber security awareness is changing quickly
This is partly because of innovative training providers who have made it their mission to help companies improve their employee education and partly because more and more CISOs recognize that people are an essential part of the defense against cybercriminals.
“Ask yourself: what do you recall about security training?”
For most of us, it means an eLearning environment, PowerPoint presentations, clicking through educational material, lectures on policies, and a few sessions of training a year apart from each other.
Our way of cyber security training incorporates the following practices:
- People should practice embracing the correct behavior when they experience something different.
- Continuous learning that happens frequently.
- Personalized training that is tailored to the individual.
- Simulates real-life attacks
- Up-to-date with the latest trends and types of cyber attacks
- Focuses on awareness and behavior change
- Positive feelings about the learning sessions
- More interesting, often interactive and fun!
Teaching your employees pays off
Creating a strong cybersecurity culture starts with employee learning. You should emphasize that everyone can help to protect your organization.
“You can’t prevent cyber attacks. However, by learning good cyber security skills, you can identify and report them to the proper authorities.”
We provide cyber security learning for your people and help you to plan, communicate, and execute the learning sessions. The results will be rewarding in fighting off cyber attackers.