[BreachExchange] How to Turn Every Employee into a Cybersecurity Expert

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 5 18:56:03 EST 2017


http://www.securitymagazine.com/articles/87698-how-to-turn-every-employee-into-a-cybersecurity-expert

Chief security officers are the obvious point people to address a
workforce’s cybersecurity concerns. While it is the obligation of a CSO or
CISO to spearhead a company’s defense against cyber attacks, the
responsibility cannot fall solely on the shoulders of a single person. With
43 percent of data breaches caused internally and the average data breach
costing $4 million, fostering a companywide commitment to cybersecurity
awareness becomes a shared responsibility.

Given the technical nature of cybersecurity, the average employee may not
have a full grasp of best cybersecurity practices. In fact, up to 90
percent of internet users haven’t had any recent cybersecurity training. To
ensure that each employee helps fortify an organization against an attack,
providing digestible, effective training is critical – and eLearning is
making it easier than ever for companies to educate their employees.

Making Cybersecurity Digestible

The most successful training is accessible, entertaining and engaging.
These qualities are especially critical when the content is complex and
heady, and eLearning solutions can deliver these elements with a
responsive, visual interface.

Like any subject matter, cybersecurity can be intimidating for those not
already versed in it. While lectures on cybersecurity may dive into obscure
topics or use jargon, it is critical to consider employees’ knowledge and
utilize training techniques that align with and build off of their
understanding. Though it may be tempting to discuss the nitty-gritty
details of a hack, consider what employees actually need to know to protect
your company.

Given the weight of the topic, it’s also imperative to employ training
methods that resonate with employees. While corporate training sessions
historically may have caused employees’ eyes to glaze over, given the
monetary loss associated with a breach, CSOs need to consider how the
training will engage employees and encourage retention.

Considering today’s digitally savvy workforce, eLearning may be a more
attractive option than more standard training fare when it comes to
engagement. Audiences tend to receive educational content better when it’s
visually and aurally stimulating, which can be fulfilled by the video
capability of eLearning. Adult learners in particular tend to reap video’s
benefits, with better engagement and retention.

Video is also the perfect medium for a compelling narrative, which is
another key component of effective instruction – modules can introduce
learners to characters who face similar scenarios. For example, a module
could focus on a character who is trying to decipher whether an email is
genuine or phishy, a scenario that your employees experience weekly if not
daily. From there, the module can bring the user and the character together
on a mission to learn the corresponding best practices.

Linking Conceptual Cybersecurity to Reality

The flexibility of eLearning makes it easy to render the training as
relevant to users as possible, not only through storytelling but also
through capabilities like course customization and responsive technology.

Along these lines, consider interactivity and having employees actually
practice cybersecurity best practices in a low-stakes environment.

For instance, have employees practice creating strong passwords and provide
real-time feedback. ELearning solutions can provide real-time feedback at
scale, and feedback given “in the moment” is far more likely to improve
performance. Interactions that directly adapt to the user allow for a more
personalized learning experience, while teaching actionable lessons that
can be applied to everyday situations.

Given demands on employees’ time, it is also worth considering offering
training that is flexible, allowing your team to access the content and
pace at their own convenience, while keeping in line with the company’s
broader timeline goals.

Changing Company Cybersecurity Culture

Cybersecurity training not only provides employees with a wealth of
information, but it can also arm CISOs and CSOs with valuable data about
their workforce.

Maybe your workforce is well-versed in data storage and transmission
practices, but has little knowledge about office tailgating, for instance.
Software can show you broader company patterns that you may not have
detected otherwise. With this information, your company can adjust the
eLearning modules and general cybersecurity strategy accordingly.

Finally, ensure that the education you offer provides actionable next steps
upon course completion. From there, employees can take the lessons learned
and translate them into real-life best practices. With malware adapting to
network security provisions, effective cybersecurity education is more
critical now than ever. Because of its dynamic, responsive and flexible
nature, eLearning presents an unparalleled opportunity to create a
companywide ethos of cybersecurity knowledge and accountability.