Every Security Awareness and Training Program Can Benefit From These Creative Approaches for an Improved Security Culture
PITTSBURGH, PA -- (Marketwired) -- Nov 19, 2015 -- There are eLearning solutions to security awareness and training available, and we thought it might be nice to supplement these solutions with some unconventional tips to keep you and your end users at the top of their security awareness game.
1. Create a business case for a more advanced security
awareness and training program. Still having trouble getting
buy-in for a security awareness program? You could do what one of
our customers did, who (bravely) sent simulated email attacks to
board members before he gave a presentation to them. While we don't
recommend this approach for everyone, in this situation several of
the board members clicked unsafe links in these
mock phishing emails. The CISO received approval to send mock
phishing attacks to end users and provide follow-up training after
facing stiff resistance initially because of his stunt.
2. Do real-life penetration testing for reinforcement, which can be as easy as taking a walk around the office. We heard about a CEO who walked around his company without a mandatory badge. For every employee who stopped him, he gave them $100 and thanked them for their vigilance. Easy, effective, and an unforgettable story.
3. Make spotting phish and managing email easier. Email is a never-ending stream of information full of the good, the bad, and the ugly. One of our customers helps their end users by automatically flagging emails as from either an internal or external source (Internal: or External: in the subject line), making it easier for them to spot phishing emails.
4. Create a culture of secure behavior. We know customers whose culture includes sticking post-it notes with frowny faces on unlocked and unattended computers. It's a small move and is enough to get someone's attention, but isn't enough to anger people the way passive-aggressive notes can.
5. Have a company-wide contest for security awareness. If you use a phishing reporting tool or have some other way of measuring end-user security awareness, award top employees with a gift at a company gathering. It's a positive way of recognizing excellence and reinforcing behavior.
Want more information about security awareness and training? Read our related article: Your Five-Point Checklist for Cyber Security Education.
NewsMaker is an Australian Press Release Distribution and Social Media Marketing service founded in 2004. The company today represents over 22,000 brands who seek to share their content with journalists, bloggers and the community.
P: +61 414 69 70 71