Security Awareness Training: Three Tips for a More Effective Program
Enterprise Management Associates recently held a webinar on security awareness training and program effectiveness. In the post below you’ll learn how to engage your users and get the most out of your training program.
By David Monahan
Enterprise Management Associates
I just released a new research report called Security Awareness, It's Not Just for Compliance. In analyzing the data, I found some pretty scary results. A number of the findings were so unexpected, it is obvious that the personnel working in the security, risk, and fraud areas need help getting their message out and, in some cases, they need help realizing they need to have a message.
There have been a number of headlines about the research announcing the first and most egregious issue. Fifty-six percent (56%) of study respondents indicate they have not received any security awareness training from their employer. If management is expecting people to not be the weak link in security but aren't training them, they are setting unrealistic expectations that are not founded in any other aspect of education. It's like giving the calculus final the first day of the semester and basing the semester grade off that one experience. Remember, the definition of insanity is doing the same thing repeatedly and expecting a different result. If you are not providing training, START!
Getting past that, we still have a number of other issues to address. If we are putting time, effort and money into training, great! However, we could be throwing good after bad if we are not providing appropriate methodologies and measurements for training. If program leaders cannot demonstrate improvement, funds will not be allocated. Here is how you can knock out a couple of those birds with one stone...