What security awareness programs do you find helpful for employees?

People & LeadershipStrategy & ArchitectureEnd-User Services & Collaboration+2 more
1.2k views2 Upvotes9 Comments
Sort By:
Oldest
Vice President, IT & Systems in Software4 years ago
We had been running phishing campaigns every other month, but we still see a majority of users who learn and unlearn. We have to constantly keep educating end users. We have found mailers that have really worked. We try to send at least 4-6 IT tips and security guidance emails every month to keep reminding people on what they should and shouldn’t be doing. Add-on’s like the report phishing feature is also really helpful. Tying security related training to people who fail a phishing or security test helps in the long run.
no title4 years ago
I think helping the company understand that it's everyone's responsibility to keep the company secure (one compromise could in fact take everything down, so to speak) is very important. I think making sure that people understand that they need to take the time to think before doing anything, to have that level of suspicion. We want them to know they shouldn’t be afraid to ask if something is phishing. I think one of the great things we do is that new hires get phishing training and other security training. We see all kinds of poorly formed emails that are legitimate, but they get sent to us now, and it is encouraging to see that. I want to make sure people understand that just because you can't spot the phish necessarily, that is nothing to be embarrassed about. We'd rather you show us what you found because that might help us in general. There's nothing to be ashamed of and there's nothing wrong with pointing out something you see, and just making sure that there's a greater awareness overall.
1 Reply
Vice President, IT & Systems in Software4 years ago

Also in phishing campaigns you've got to be aware of the content within the email. You will be surprised by the sensitivity that surrounds some templatized use cases available especially during certain cycles of the year it’s truly, astounding. So while IT managers are selecting these campaigns, you really need to wear the end user hat as well.

lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
CIO in Energy and Utilities4 years ago
Continuos education and capaigns like email signature messages, corporate screen wallpapers, etc. We observed a dramatic decrease on phishing/malware tickets since we implemented this strategy.
VP, Chief Security & Compliance Officer in Software4 years ago
We are past the time of awareness, we need to require engagement and ownership. Focusing on defense mind set at the home translates for improved general work place performance. Ownership mind set on secure SDLC translates for better performance in the technical areas.
1 Reply
Field Chief information Security Officer (CISO) for Public Sector & Client Advisor in Finance (non-banking)a year ago

Thanks . I generally agree, and I have written blogs with a similar sentiment. 

But my question is, as a chief compliance officer, how do you train employees on current cyberthreats and stay current? What is required and optional for staff? Also, do you make that content fun, engaging, relevant, etc.? 

Finally, how do address newer topics like GenAI (good, bad, ugly...) 

Director of Network Transformationa year ago
There are a few vendors out there looking to "gamify" security awareness.  Heard positive feedback.  

Content you might like

I am trying to understand what are the key skills on the ground that would be pivotal for moving our company to a digital first organization? Have you trialed anything in your organization? What are the skills and trainings you recommend that would be beneficial for the CDIO function at a high level to at least be prepared for the digital disruption in the next two years?

Process Management
Banking Platform Transformation Lead in Finance (non-banking)8 days ago
 Not knowing the current state of your organization, it is difficult to say definitively what skills and training are required for the CDIO function. However, based on my experience of working on multiple digital transformation ...read more
1
Read More Comments
1.6k views7 Comments

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Applications & PlatformsCloudData & Analytics+15 more
Head of Enterprise Architecture MERCK Group in Healthcare and Biotecha year ago
Strategy & Architecture
Read More Comments
39k views5 Upvotes34 Comments

I am increasingly having to present to our board and it’s not always the best experience. Do you have any advice on how best to approach a company board that is not technical at all?

People & Leadership
Chief Cloud Officer in Software6 years ago
My board experience has primarily been with board members that are not technical. The approach I take is to "translate" technical bits into business impact information. It seems many non-technical board members care most ...read more
64 3 Replies
Read More Comments
177.4k views169 Upvotes153 Comments

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote