Cybersecurity and the Human Factor

What is your best way to train and create awareness in your organization for the average employee with no IT or cybersecurity background or knowledge? How often do you deploy training and awareness campaigns? Any tips on language or visuals that have the most impact and are the most effective in conveying the importance of good cybersecurity practices?

Reads like a SEO pitch to me.

Louis

I had to search what SEO means... I am new to Cybersecurity and am genuinely interested to know what other people do to mitigate the human factor risk. I am genuinely hoping to spark knowledge sharing and learn something. 

Edited by VH_, 28 July 2023 - 01:59 PM.

Implement employee training and test them

How do you test them? Do you purposefully try to trick them into clicking on phishing links or into giving away sensitive data?

Implement employee training and test them

How do you test them? Do you purposefully try to trick them into clicking on phishing links or into giving away sensitive data?

Thank you! Any sites you would recommend? Any sites that you have used and have proven to have effective programs? Thanks again for taking the time!

Edited by hamluis, 29 July 2023 - 05:53 AM.

What is your best way to train and create awareness in your organization for the average employee with no IT or cybersecurity background or knowledge? How often do you deploy training and awareness campaigns?

We just had a mandatory training like that. The boss asked me to do it for the rest of the colleagues, since most could not even finish it.

You can not force knowledge on people, it is as bad as forcing changing the password, which proved to be a wrong idea even by NSA.

We are forced to change the password every 3 months, everyone uses stickers on monitors, so they can remember the change.

Edited by TairikuOkami, 29 July 2023 - 10:19 AM.

The sites I have used have all been used by the places I've worked for like the FBI and Fortra. You can try searching for cybersecurity phishing training sites.

Thank you! I'll take a look. If the FBI uses them... Thanks again!

 

What is your best way to train and create awareness in your organization for the average employee with no IT or cybersecurity background or knowledge? How often do you deploy training and awareness campaigns?

We just had a mandatory training like that. The boss asked me to do it for the rest of the colleagues, since most could not even finish it.

You can not force knowledge on people, it is as bad as forcing changing the password, which proved to be a wrong idea even by NSA.

We are forced to change the password every 3 months, everyone uses stickers on monitors, so they can remember the change.

 

I completely agree you can't force knowledge on people. That's why I'm looking for training and awareness strategies that get the knowledge through in a light/accessible way that doesn't feel "forced".  I may be asking for too much..

This is a very challenging environment. People are so vastly different. Interests, perspectives, views, likes, dislikes and it goes on and on. Given human dynamics, there's never going to be one size fits all and we don't expect there to be. I think it's about consistent awareness. It has to be constant and adapting. I think there's a slight element of "fear" needed, which might be too strong of a word but if people have no consequences for their actions it won't be taken seriously.