If you're looking for ways to engage everyone from senior leaders to your entry-level employees in your awareness program, then here is some good news from the latest SecureWorld web conference, "Cybersecurity Heroes Aren't Born... They're Made."
You can watch the security awareness web conference on-demand.
Level set on the phishing problem from Wombat research
Amy Baker, VP of Marketing at Wombat Security (now a Proofpoint company), did a level set on just how dangerous phishing is to an organization by looking at the numbers, which you see here:
If that is the problem, what's the solution? How do you turn your employees into security awareness heroes?
"We believe there are five secret ingredients to making your employees cybersecurity heroes," Baker says. Here is her list:
- Don't underestimate the need.
- Don't skimp on prep work.
- Know what to measure.
- Take a continuous approach.
- Consider motivational techniques that make awareness training stand out and more fun than other required training.
Intel security awareness program
And playing off number 5 on Wombat Security's list, making things fun and interesting is a key piece of what Michael Diamond does as the Information Security Awareness Program Manager at Intel Corporation.
This magnet frame, which Intel's awareness team used, is a great example: What's your zombie mood? Many emotions put you at risk for ransomware!
"The mood we want people to be in is 'suspicious', of course," says Diamond. "Employees really wanted these things, and they even used the blue magnet frame around their kids' picture, things like that."
In addition to other creative ideas, he highlighted the fact that you need security awareness advocates across the organization.
"Partnerships impact the success of your program. Are you providing interesting content to internal channels, to Legal, HR, IT, Products and Service Development, others? Be thinking of those partnerships."
Johnson County, Kansas, security awareness program
Donna Gomez, who is Security Risk and Compliance Analyst with the Johnson County (KS) Government, picked things up from there with a look at a key problem that limits the success of many awareness programs.
"What's missing from so many security awareness programs is governance. It is very important that governance is part of what you're doing." See her slide on what this missing element means:
Gomez also went over what's necessary for a comprehensive security awareness program and how to measure it. "Just because people take and pass a quiz doesn't mean they have actually gained the necessary knowledge. We have to go beyond that."
She told web conference attendees that they can create cybersecurity heroes out of their employees; however, leaders must do things well to see that transformation.
Bancorp Bank security awareness program
Tony Meholic is the Director of Cybersecurity and Chief Security Officer at The Bancorp Bank. He explained the extra hurdles that security awareness faces at companies operating in a highly regulated environment.
"One of the challenges we have come across is that many of our employees are already inundated with required training. It is not unusual for employees to have five or six trainings they have to do during a single quarter."
To make security awareness training stand out, one of the things he and his team do is alter the frequency and nature of the awareness program.
One example is a lunch and learn on changing topics, both live and through Webex for other offices. An actual member of the InfoSec team is present at each site to help answer questions.
"The threats are constantly changing, so we had to be sure that our awareness training content is also changing as well." The bank's threat intelligence team helps with that effort. He also discussed a key partnership with HR.
These are just the highlights of "Cybersecurity Heroes Aren't Born... They're Made," which you can watch on-demand.
There was one other nugget, though, that is certainly worth mentioning. Since Wombat was acquired by Proofpoint, the companies have leveraged combined technologies to allow for people-centric risk reduction.
This means the company can identify who is being attacked, how they're being attacked, and deliver training based on actual threats, behavior, and knowledge gaps, as you see in this chart:
Thanks to the SecureWorld web conference presenters and the hundreds of security professionals who attended, learned, and earned CPE credits. It's not too late; you can do the same thing on-demand right now.