What have you found to be the absolute most effective way to deliver security awareness training? What actually seems to work best?

Awareness & TrainingRisk ManagementEmployee Engagement
1.5k views3 Comments
Sort By:
Oldest
Director in Manufacturing2 years ago
On a 1-1 basis if I happen to walk by an unlocked screen with nobody around I open a new Mail Message, increase the FONT to the maximum, and write something.  If I know who the owner is (usually) I will write an appropriately embarrassing note.   e.g. I QUIT, I am leaving to join the "Real Circus"  

On a mass scale, we always tried to use real situations that we had experienced within the company like imposters directing lower employees to route money, or similar spear phishing attempts.
2 1 Reply
CISO in Software2 years ago

Well written and I fully concur.

A gentle messing with an unlocked screen is fun and efficient, and if the company culture is good, others will follow the example :) 

For the company-wide messaging we try to tell stories based on the real-world incidents and breaches. A good example was the recent Dropbox breach via CircleCI phish (GitGuardian wrote a great explanation https://blog.gitguardian.com/dropbox-breach-hack-github-circleci/); I told the story and used it to play a "what if" and encourage ppl to start adopting passkeys or dedicated MFA apps in favour of the TOTP. We achieved much more profound impact than if we "just" sent a note along the lines "please consider FIDO2, it's more secure than TOTP" – colleagues started to talk to each other about the topic, and that's almost as good as it can get :) (and yes our IT is following up and making sure people acted on the guidance...)

lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Senior Information Security Manager in Software2 years ago
While October was cybersecurity awareness month, the truth is that every month is cybersecurity awareness month.

And for awareness to be effective, it must be tailed to the specific organization.

There are a lot of off-the-shelf SasS awareness platforms.

But if you don’t find the right one that speaks to your specific risks and talks to your specific employees, they will just play it in the background to get the CPEs. And not get any of the messages. And if that happens, it is completely management's fault.
 

https://cybersec.banyansecurity.io/s/october-is-cybersecurity-awareness-month-part-4-recognize-and-report-phishing-5625

Content you might like

Do you prefer learning using audio or video content?

Training & CertificationPersonal DevelopmentEmployee Engagement

Audio19%

Video70%

No preference8%

It depends (please explain in the comments)1%

View Results
3.7k views2 Comments

How much does technical debt affect employee morale? What is the ultimate impact of tech debt — have you ever seen staff leave the organization as a result of it?

EngineeringEmployee EngagementStrategy & Architecture
Sr Director of IT Global Infrastructure in Manufacturing9 days ago
Having outdated software and hardware assets can lead to an environment with increased failures that are harder to resolve compared to a more up-to-date setup. Vendor support for older platforms diminishes over time, and ...read more
Read More Comments
474 views1 Upvote2 Comments

What tools or frameworks have you used to visualize cybersecurity risks in a digestible way for the board?

Risk ManagementSecurity Strategy & RoadmapBoard Engagement
CIO in IT Services23 days ago
I used the NIST 800-53 Risk Management Framework. My program is wrapped around the framework, so that way they get to see risks on the registry. They understand the model for scoring risk, and then there's a decision factor ...read more
1
Read More Comments
188 views4 Comments

What's a greater concern for returning to the office? Comment how you are prioritizing...

People & LeadershipStrategy & ArchitectureCloud+29 more

Human Factors (fears, mental health, physical spacing)85%

Technical / IT Factors (on-premise tools, pivoting back away from remote)14%

3.7k views3 Upvotes2 Comments

How do you navigate the challenges of working with offshore support models? Are there any specific strategies or approaches that you have found effective in ensuring smooth collaboration and communication?

IT Strategy & RoadmapPeople & LeadershipEmployee Engagement
VP, IT Delivery and Technical Business Supporta month ago
One of the key strategies is establishing clear communication channels. In today's world of remote working, this has become much easier. We use Teams, but tools like Slack or Zoom can also facilitate real-time communication. ...read more
Read More Comments
1.8k views4 Comments