Where Security Training Falls Short

Learning and training are synonymous. From a young age, we’re indoctrinated with lessons and teachings that help us become better people, and ultimately, stay safe and out of trouble.

The same is true the instant we set foot inside a new office setting. From the day we begin a new job, we’re taught how to navigate the new organization, how to execute our roles and responsibilities, and how to keep our job safe and ourselves out of trouble.

In many organizations, information security and cybersecurity are a critical category for employee onboarding and training. And they should be! If you were asked to go through a normal day without using any technology, it would be physically impossible.

With that connectivity comes the need to understand how to use it safely—for your sake, and the organization’s.

But, as you’re probably well aware, mandatory security training is often dull, unrelatable, difficult, and woefully ineffective.

In some combination of content, format, and cadence, most security training simply falls short.

Format

Consider your source, first. In order for the program to succeed, it needs to be engaging. While members of your IT team might have a strong knowledge base around information security, they may not excel at making the training engaging.

An annual PowerPoint presentation will never truly help employees recognize the role they can play in keeping the organization’s information safe, and certainly not why it’s important for them to play that role.

Frankly, anything that’s engaging and somewhat entertaining always helps.

Cadence

The training must be ongoing, too. Having employees actively practice good security awareness and scam avoidance techniques dramatically increases a program's success. Without active and constant participation in security practices from employees, organizational risk increases.

Picking a new topic to dive into each month could help keep the material relevant and fresh. Plus, it organically drives communication in your staff check-ins, quarterly all-company meetings, etc. when the training follows a similar pattern.

An ongoing and tailored approach to security training and the ability to show employees why it matters to them is how you ensure your training is successful.

Segment Your Training

Training cannot be a one-size-fits-all approach. People learn differently, have different experiences, access different technologies, and process different data.

Separating training by department is a simple way to make training more targeted. Your marketing team is going to have a different technological experience from your finance, legal, operations, and HR teams. The training conducted should reflect the nuances of each of those departments and how they interact with technology and information.

Ask your employees to provide feedback on their own approach to security, too.

Employers do themselves a disservice when they don’t individualize training as much as possible.

To Be Continued

Format, proper segmentation, and cadence alone are not enough for a successful training program. The topics you train on must align with the things that have had, and will have, the biggest impact on your organization.

In part two, we’ll take a look at the training topics that many organizations miss the mark on (or simply miss altogether).

If you have questions in the meantime, get in touch with Symbol Security or FRSecure.

___

Author:

Brandon Matis

Content Marketing Specialist | FRSECURE
