10 Things I know about… Security training

Our VP of Sales and Operations, Janelle Drolet shares her 10 Things I know about… Security training with Worcester Business Journal

10) Become security aware: Organizations face the enormous challenge of safeguarding data from complex cyber threats. Human error still accounts for 95% of security breaches, according to the World Economic Forum.

9) Employee accountability: Security lies in what employees know and are trained to know, the tools at their disposal, and how they respond to phishing attacks.

8) Build a human firewall: By regularly conducting simulated phishing exercises seven times a year, organizations can train their workforce, cultivating their intuition and muscle memory to combat threats.

7) Limit tech overreliance: A holistic approach considering people, processes, technology, and oversight is necessary for security enforcement.

6) Awareness vs. action: Fostering a culture of security-minded behavior requires motivation and participation. Develop a shared sense of responsibility.

5) Communication challenges: Communicate concerns to all department levels without jargon. Security professionals should stress the financial fallout from an attack.

4) Behavior science: Understanding motivations, discouragements, and responses to phishing tests can make training more effective in creating a strong security culture. Use the carrot, not the stick. Never humiliate when someone fails a phishing test but highlight the risk to the business.

3) Tailor training content: Tailor the training content to various groups or departments depending on their security maturity. Use fun incentives like gamification, gift cards, badges, team vs. team.

2) Buy-in from the top: Leaders should set an example by taking the training. Employees need to hear about the potential for business disruption and costly remediation of a cyberattack.

1) Integrate awareness with new tech: As new technologies like AI and blockchain are more prevalent, employees must be trained to manage their security aspects.