Five Unconventional Tips for Your Security Awareness and Training Program


Every security awareness and training program can benefit from these creative approaches for an improved security culture

There are eLearning solutions to security awareness and training available, and we thought it might be nice to supplement these solutions with some unconventional tips to keep you and your end users at the top of their security awareness game.

  1. Create a business case for a more advanced security awareness and training program. Still having trouble getting buy-in for a security awareness program? You could do what one of our customers did: he (bravely) sent simulated email attacks to board members before giving a presentation to them. While we don’t recommend this approach for everyone, in this situation several of the board members clicked unsafe links in these mock phishing emails. After initially facing stiff resistance, the CISO received approval, because of his stunt, to send mock phishing attacks to end users and provide follow-up training.
  2. Do real-life penetration testing for reinforcement, which can be as easy as taking a walk around the office. We heard about a CEO who walked around his company without a mandatory badge. He gave every employee who stopped him $100 and thanked them for their vigilance. Easy, effective, and an unforgettable story.
  3. Make spotting phish and managing email easier. Email is a never-ending stream of information full of the good, the bad, and the ugly. One of our customers helps their end users by automatically flagging emails as from either an internal or external source (Internal: or External: in the subject line), making it easier for them to spot phishing emails.
  4. Create a culture of secure behavior. We know customers whose culture includes sticking post-it notes with frowny faces on unlocked and unattended computers. It’s a small move and is enough to get someone’s attention, but isn’t enough to anger people the way passive-aggressive notes can.
  5. Have a company-wide contest for security awareness. If you use a phishing reporting tool or have some other way of measuring end-user security awareness, award top employees with a gift at a company gathering. It’s a positive way of recognizing excellence and reinforcing behavior.
