Cybersecurity is a hot topic for many businesses around the world, as hackers, cybercriminals and data thefts more and more threaten organisations. Security investments are increasing, with significant effort and time dedicated to managing vulnerabilities and protecting corporate systems.
According to business analysts, more than half of companies acknowledge their employees to be the weakest link in cybersecurity policies since their daily actions put data and systems at risk. Should organisations do more training to raise staff awareness? The problem is not awareness, suggest security experts at Kaspersky Lab, but translating it into actual, responsible behaviours when managing corporate applications.
If you want to neutralise the ‘human factor’ in your organisation, do consider these five simple tips when scheduling your next cybersecurity training:
- Offer an interactive format – lectures tend to be boring and ineffective in engaging people. There are several options to design appealing and motivating lessons, both online and in a classroom, using gamification techniques to encourage active participation. Practical exercises and hands-on workshops should be included in the program.
- Customise contents – in their routine work, employees deal with different processes and applications, so they access various systems and information. Providing the same training to everyone is not a good idea; it would be better to customise contents as much as possible, creating ad hoc modules for single departments or offices. Staff members running business-critical systems, or accessing sensitive data should be offered advanced courses.
- Don’t overload – pieces of training should cover just what is most relevant and useful around cybersecurity, as employees are not expected to turn into cybercrime professionals or evangelists. If contents are abundant, prefer short and focused lessons, or create ‘snap’ contents such as videos, infographics, and so on to summarise top information to be remembered.
- Beware smart schedules – although the workload is always challenging, avoid scheduling classes in peak business periods when staff will be inattentive and uninspired. Cybersecurity training proves to be effective if repeated over time, reinforcing commitment and offering updates about latest threats and related protection measures.
- Favour cascading – people can be motivated by inviting them to spread their acquired know-how among peers. Some companies are piloting cascade training, thus selecting a team of cybersecurity champions, and asking them to educate colleagues. Easy-to-use contents and materials should be prepared for these newly appointed teachers.