It’s clear that staff can be the weak point in the cyber security chain. Providing the right type of cyber security awareness program can mean the difference between preventing a large-scale breach or being the victim of an expensive ransomware attack. Below are some do’s and don’ts for an effective cyber security awareness training program.
Don’t rely on long training videos
Most employees will not sit through a training video longer than 5 minutes. Even if they do manage to sit through it, they may not give it their full attention and will not retain all the information. Instead, opt for shorter clips, no more than 3-5 minutes. Any more than that, and employees will insist that the videos are taking away much needed time from their job.
Do employ active training methods
Active training methods such as phishing simulation testing, are effective in both training staff how to recognize phishing, and for showing management how much further training is required and by whom. Once management knows which employees need further training, time and budget can be spent on getting those individuals up-to-speed.
Do practice your incident response plan
Simulating disaster recovery and incident response is an important for any organization. Just like your company may have an “emergency drill” to test the employees’ response to a disaster, it is important to test out how a recovery plan in a cyber emergency will work. You may find that you may need to make changes to the plan. The key to the “drill” is it has to be realistic, so that your team is prepared to respond to a real threat.
Do reward those employees who take company security seriously
Negative reinforcement tends to make staff feel bad and only do enough to not be fired, however, positive reinforcement of a cyber security awareness program is a critical element of a success. Employees who feel valued and appreciated will go that extra mile to help protect company resources. The nice thing is positive reinforcement doesn’t have to be expensive. Small things like giving whoever does best in the phishing simulations over the quarter a gift card. Tying cyber security into performance reviews also sends the message to your employees that you value their contribution to the security of the organization.
Want to test the cyber security awareness of your staff? Contact Uzado today to learn more about our phishing awareness training.