social incidents and 93 percent of all breaches investigated.” Training employees to recognize phishing and social engineering attacks helps them to be more aware of these cyber threats—reducing the likelihood that they’ll fall for these schemes in the future.
2) Test Employee Cyber Security Awareness
Organizations should test employees on their security awareness from time to time to ensure that the lessons were actually learned. These tests can take numerous forms—from simple assessments that occur at the end of a training program to randomized fake phishing emails designed to see if employees will fall for them.
Testing employee cyber security awareness helps to reinforce the lessons from the formal training programs and highlights gaps in security awareness amongst employees. For example, if more than half of all employees fall for the same trick, odds are good that this is an awareness gap that needs to be addressed.
On completing a test, it may help to provide the assessment results to employees so they can see what they need to work on. Businesses can also have their IT security teams review these results so they can modify the security program to account for the weakness (or recommend training resources to close the security gap).
Practical testing, or learning by doing, can be particularly effective for improving retention of information—which naturally leads to better cyber security awareness. As noted in one Forbes article on the subject of experiential learning, “Retention and confidence are far greater when participants have had the opportunity to practice coaching, delegating and listening. Combine that with reflection time and feedback, and you have the best training scenario and ROI!”
3) Circulate Major Cyber Security Incidents in Meetings or Newsletters
Another way to raise awareness of cyber risks in an organization is to highlight major cyber security events in your industry when they occur. Regrettably, it probably won’t be too long before there are several good examples to share—one Business Insider article published in late August highlights no fewer than 16 massive data breaches that occurred over the course of the previous year.
Bringing up these cyber security incidents and their underlying causes during meetings with team members is a great way to improve cyber security awareness throughout an organization. It also helps to show employees why following cyber security best practices is a good idea, largely by demonstrating how weak cyber security practices could adversely impact the organization as a whole.
If it simply isn’t possible to have team leaders engage in face-to-face meetings with team members to discuss cyber security incidents within their industry, it may help to distribute stories about cyber security incidents in an internal newsletter or mass email. While not as effective as having a personal conversation with employees, emails highlighting major breaches can help to improve awareness of specific cyber risks that other companies in your industry have fallen victim to.