You’ve provided cyber security training. You feel like it’s a job done-well. Employees might have gained knowledge, but could they still succumb to the Dunning-Kruger effect? Could they miscalibrate their competence in preventing phishing attacks, accidentally permitting a scammer to slip through? In a new survey, roughly 70% of employees reported having received cyber security training. Nonetheless, over 60% did not pass a basic cyber security quiz.
Prepare and prevent
When it comes to cyber security, employees can be your strongest defense or your weakest link. Reinforcing the significance of cyber security and providing effective employee education is a must.
By some calculations, as many as 90% of data breaches occur due to human error. Thus, an organization with outstanding cyber security architecture can still easily fall prey to an attack. As a result, cyber security awareness represents a critical component of a cyber security framework. Secure your organization and ensure that your employees don’t fail their next cyber security quiz.
Top training and engagement strategies
- Hold cyber security education lunches or workshops more than 1x per year. Reinforce the message regularly.
- Gamify your training. This makes it fun, memorable and easy to understand.
- Stay away from abstract. Make training examples easy for employees to relate to.
- Appoint cyber security culture leaders for individual departments. These individuals can serve as approachable people for staff to come to with cyber security questions.
- Recognize and appreciate your employees for their cyber security achievements. Find a tangible means of showing your employees how much their training has truly assisted the organization.
Research shows that cyber security awareness training for the entirety of an organization’s employees easily justifies the investment. In many cases, online training costs are minimal, just a few dollars per participant.
As CISO Stephane Nappo astutely pointed out “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”
For more about cyber security training, click here.
