For many employees, the prospect of cybersecurity training is tedious. Often, these sessions focus on a list of procedures, enumerating technological dos and dont’s. It is unsurprising then, that this uninspired format has little long-term impact on staff behavior. In celebration of National Cybersecurity Awareness Month (NCSAM), we are changing the narrative of ineffective cybersecurity curricula.
For new, engaging ways to drive employee awareness, see below:
1. Spear Phish Your Employees
Can your staff tell the difference between genuine and phishing emails? End-users are responsible for opening 30% of all phishing emails, often proving the weakest link in cybersecurity defenses. By mass spear phishing staff, you are able to test your employees' ability to discern genuine email content from malicious attachments.
2. Personalize Training for Greater Memorability
When presenting cybersecurity training, emphasize that these are transferable skills. If employees use secure practices on their home computers and phones, they will be more likely to do so at work. Using everyday common-sense precepts, as opposed to IT jargon, will also improve employee retention.
3. Reward Staff for Their Cybersecurity Awareness
Despite well thought-out cybersecurity policies, you may still find many employees non-compliant. Devise a means of measuring end-user cybersecurity awareness. After doing so, reward staff members who follow best practices. By recognizing highly compliant workers, you may incentivize others to improve their security habits.
4. Make Your Message Visible and Interactive
A cost-effective way of increasing cybersecurity awareness is the use of timely, brief and intriguing content. Media such as posters, comics, flyers, etc. are known for their effectiveness in communicating specific messages. Consider strategic placement, such as break rooms and above printers, to boost employee awareness.
5. Leverage Your Digital Marketing Team
Encourage collaboration between your marketing and IT teams, to leverage social media platforms and tools (i.e. videos within the Microsoft Office 365 platform) to distribute helpful cybersecurity content. From short instructional videos to concise how-to guides, there are numerous ways to boost employee engagement with creative, newsworthy cybersecurity content.
