What cybersecurity awareness techniques have you found most effective?
Sort By:
Oldest
Information Security Manager in Software2 years ago
We tried a lot of things presentations, videos but most successful one was the hand to hand experience. The lab where employees can see what might happen if they will click to something they should not have. I know it is hardwork but after that everyone got responsible.CISO in Software2 years ago
Plus one on both tailoring to the audience and doing it repetitively. It's best it it's brief and straight to the point – rather than a long over encompassing presentation. In my onboarding, I focus on everyone's responsibility for information security and how to reach us.
Our simulated phishing campaigns indent mostly to remain our employees that everyone may become a victim, and are usually focused around something very relevant. And we do personally reach out to all who report it and discuss or explain.
In the end, you either spark an interest in the recipients – and then you've done your job well – or not, and it's a loss of time and effort.
CIO/CISO in Healthcare and Biotech2 years ago
A hands on approach consisting of a two-pronged approach: 1) Employing awareness training by the usual means (videos, simulations, etc) 2) Consistent and never ending personal engagement with business leaders and other key stakeholders to keep the importance of security awareness elevated on a consistent basis.Director of Information Security & Technology in Healthcare and Biotech2 years ago
Continuous phishing simulation campaigns with mandatory remediation training has been incredibly effective for increasing end user reporting of suspicious emails.
2. Understand that these things are not always going to be engaging so focus on what is practical. Less is more. Social engineering, password hygiene--focus on ROI.
3. Iterate. Get feedback to support a test-and-learn approach.