Six Essential Items in a Holistic Security Awareness and Training Program

This recent article outlines six essential items to think about while building your holistic security awareness and training program:

1. Collateral is a broad term for internally distributed materials. These are things like newsletters, blogs, and other internal communications. These types of internal communication serve as a simple reminder to your users that security is important and gives you an opportunity to educate them once you have their attention.
2. Posters are a tried and true method of raising awareness. While some people believe they are old-fashioned and outdated, they can be very effective when they are well designed.
3. Interactive software training (the author calls this Computer-based training (CBT)) is the most omnipresent component of security awareness programs. These training modules can range from 3 minutes to an hour long with varying degrees of interactivity. They can summarize the most important lessons you would like your employees to learn.
4. Well-executed events bring the Security Awareness program, and the whole security effort for that matter, to life. These events are your greatest opportunity to put a face on security. This is a chance to boost security morale and educate your users. Examples of events could be a game booth, demonstration or lunch and learn.
5. An internal security portal provides several functions. It provides a knowledge base that can be time-consuming to create and maintain, but can provide a huge return on investment when it includes information on security related topics. The other critical aspect of a security portal that should be included is a method to contact the security staff with questions. This provides a way for people to report potential incidents, and just reach out with general questions and concerns.
6. Behavioral testing and teachable moments -- Phishing, USB drive drops, and social engineering tests require some care, but are important components to give your employees a "teachable moment." The employees that are not practicing safe security behaviors will be identified with these practices and will be given on-the-spot training to educate about the risks of their actions and how they can spot real attacks.

To benefit from the author’s full discussion on these six essential items, read the full article here in the CSO Online magazine.

You can also learn more about Wombat Security’s interactive security awareness training here.