Welcome to the third article in our Five Traits of Successful Cybersecurity Training series. If this is your first read in the series, we recommend reading the introductory post and first trait post before continuing. A table of contents of the series is available at the bottom of this article to assist with navigation.
Our first trait focused on building a security culture. Today, we focus on the second trait, Ongoing/Daily training. Ongoing training is a logical extension of a focus on culture. We believe that a successful program keeps security in all employee's minds every day. Keeping the conversation about security ongoing helps keep the topic in employees' minds.
Does this mean that you should have employees run a training module every day? No, training every day would be cost-prohibitive, time-consuming, and inefficient. At the same time, there is a balance to be found between daily and annual formal training. Augmenting formal training can be accomplished by taking advantage of real-time, everyday opportunities in the office.
There are many ways to reinforce training. Some of our ideas and recommendations include:
Share articles on cybersecurity events related to your industry and start a conversation.
Use your internal communication platform, for example, Teams or Slack, to take a poll on security topics to test and challenge employees' knowledge.
Take five minutes during all-hands meetings to refresh employees on how to report issues.
Send test phishing emails and make phishing calls to test users' ability to identify attacks.
Taking these steps helps remind users of your security-focused culture and provide training opportunities without forcing people to watch long training videos or participate in long training seminars. These tools help keep training fresh and prioritize securities' importance.
Join us next week as we talk about trait number three, interactive training.
Five Traits of Successful Cybersecurity Training - Table of Contents