What security awareness programs do you find helpful for employees?



Vice President, IT & Systems in Software, 1,001 - 5,000 employees
We had been running phishing campaigns every other month, but we still see a majority of users who learn and unlearn. We have to constantly keep educating end users. We have found mailers that have really worked. We try to send at least 4-6 IT tips and security guidance emails every month to keep reminding people of what they should and shouldn't be doing. Add-ons like the report-phishing feature are also really helpful. Tying security-related training to people who fail a phishing or security test helps in the long run.
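The follow-up described in that comment (watching for users who "learn and unlearn" and tying training to test failures) is easy to operationalise once the simulation results are in a flat table. The example below is an added illustration, not code from the original thread or from any vendor platform; the record layout, the outcome labels, the sample data and the thresholds are all assumptions. It computes per-campaign failure and report rates, rebuilds each user's history across campaigns, and assigns a refresher to anyone who failed the latest test and escalated training to repeat failures or credential submissions.

```python
"""Added example (not from the original thread): scoring phishing-simulation
results so that follow-up training targets the users who keep failing.

All data below is constructed for illustration; a real run would read the
simulation platform's export. Field names, outcome labels and thresholds
are assumptions, not any vendor's schema.
"""
from collections import defaultdict

# Constructed sample: one record per (campaign, recipient).
# outcome is one of "reported", "ignored", "clicked", "submitted"
# ("submitted" = entered credentials on the landing page).
SAMPLE_RESULTS = [
    {"campaign": "2024-01", "user": "alice", "outcome": "reported"},
    {"campaign": "2024-01", "user": "bob",   "outcome": "clicked"},
    {"campaign": "2024-01", "user": "carol", "outcome": "ignored"},
    {"campaign": "2024-01", "user": "dave",  "outcome": "submitted"},
    {"campaign": "2024-01", "user": "erin",  "outcome": "clicked"},
    {"campaign": "2024-03", "user": "alice", "outcome": "reported"},
    {"campaign": "2024-03", "user": "bob",   "outcome": "reported"},
    {"campaign": "2024-03", "user": "carol", "outcome": "reported"},
    {"campaign": "2024-03", "user": "dave",  "outcome": "clicked"},
    {"campaign": "2024-03", "user": "erin",  "outcome": "ignored"},
    {"campaign": "2024-05", "user": "alice", "outcome": "reported"},
    {"campaign": "2024-05", "user": "bob",   "outcome": "clicked"},
    {"campaign": "2024-05", "user": "carol", "outcome": "clicked"},
    {"campaign": "2024-05", "user": "dave",  "outcome": "submitted"},
    {"campaign": "2024-05", "user": "erin",  "outcome": "reported"},
]

# Outcomes that count as a failed test.
FAIL_OUTCOMES = {"clicked", "submitted"}


def campaign_rates(results):
    """Per-campaign failure rate and report rate as fractions of recipients.

    Tracking both matters: a falling click rate with a flat report rate
    usually means people are ignoring mail, not recognising phish.
    """
    totals = defaultdict(lambda: {"n": 0, "failed": 0, "reported": 0})
    for r in results:
        t = totals[r["campaign"]]
        t["n"] += 1
        if r["outcome"] in FAIL_OUTCOMES:
            t["failed"] += 1
        elif r["outcome"] == "reported":
            t["reported"] += 1
    return {
        c: {"fail_rate": t["failed"] / t["n"], "report_rate": t["reported"] / t["n"]}
        for c, t in sorted(totals.items())
    }


def user_history(results):
    """Each user's outcomes in campaign order (oldest first)."""
    hist = defaultdict(list)
    for r in sorted(results, key=lambda r: r["campaign"]):
        hist[r["user"]].append(r["outcome"])
    return dict(hist)


def training_assignments(results, window=3, repeat_threshold=2):
    """Decide who gets follow-up training (thresholds are assumed policy).

    - credential submission in the window      -> "escalated"
    - >= repeat_threshold failures in the last `window` campaigns
      (the learn-and-unlearn pattern)          -> "escalated"
    - otherwise, a failure in the latest test  -> "refresher"
    Users with no recent failure get nothing.
    """
    assignments = {}
    for user, outcomes in user_history(results).items():
        recent = outcomes[-window:]
        fails = sum(1 for o in recent if o in FAIL_OUTCOMES)
        if "submitted" in recent or fails >= repeat_threshold:
            assignments[user] = "escalated"
        elif recent and recent[-1] in FAIL_OUTCOMES:
            assignments[user] = "refresher"
    return assignments


if __name__ == "__main__":
    for campaign, rates in campaign_rates(SAMPLE_RESULTS).items():
        print(f"{campaign}: fail {rates['fail_rate']:.0%}, "
              f"report {rates['report_rate']:.0%}")
    for user, level in sorted(training_assignments(SAMPLE_RESULTS).items()):
        print(f"{user}: {level}")
```

The window and repeat threshold are policy choices rather than anything the thread prescribes; the point of separating `campaign_rates` from `training_assignments` is that the first is what leadership wants to see trend down, while the second is what actually drives the per-user follow-up the comment recommends.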
no title, Self-employed
I think helping the company understand that it's everyone's responsibility to keep the company secure (one compromise could in fact take everything down, so to speak) is very important. I also think it is important to make sure that people understand that they need to take the time to think before doing anything, to have that level of suspicion. We want them to know they shouldn't be afraid to ask if something is phishing. I think one of the great things we do is that new hires get phishing training and other security training. We see all kinds of poorly formed emails that are legitimate, but they get sent to us now, and it is encouraging to see that. I want to make sure people understand that if you can't necessarily spot the phish, that is nothing to be embarrassed about. We'd rather you show us what you found, because that might help us in general. There's nothing to be ashamed of and there's nothing wrong with pointing out something you see; it's just about making sure that there's a greater awareness overall.
Vice President, IT & Systems in Software, 1,001 - 5,000 employees

Also, in phishing campaigns you've got to be aware of the content within the email. You will be surprised by the sensitivity that surrounds some of the templatized use cases available, especially during certain cycles of the year; it's truly astounding. So while IT managers are selecting these campaigns, you really need to wear the end-user hat as well.

CIO in Energy and Utilities, 11 - 50 employees
Continuous education and campaigns like email signature messages, corporate screen wallpapers, etc. We observed a dramatic decrease in phishing/malware tickets since we implemented this strategy.
VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees
We are past the time of awareness; we need to require engagement and ownership. Focusing on a defense mindset at home translates into improved general workplace performance. An ownership mindset on secure SDLC translates into better performance in the technical areas.
Field Chief information Security Officer (CISO) for Public Sector & Client Advisor in Finance (non-banking), 1,001 - 5,000 employees

Thanks. I generally agree, and I have written blogs with a similar sentiment.

But my question is, as a chief compliance officer, how do you train employees on current cyberthreats and stay current? What is required and what is optional for staff? Also, do you make that content fun, engaging, relevant, etc.?

Finally, how do you address newer topics like GenAI (good, bad, ugly...)?

Director of Network Transformation, Self-employed
There are a few vendors out there looking to "gamify" security awareness. I've heard positive feedback.
Information Security Director in Media, 10,001+ employees
ProofPoint's approach to continuous learning, with micro-learnings to maintain awareness. This can also help when new threats are identified. Our users like the situational/interactive scenarios.
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, Self-employed
LinkedIn Learning FREE security awareness training by Caroline Wong.
Director of IT, Self-employed

Effective security awareness programs for employees are crucial in today's digital landscape. These programs help employees understand the importance of cybersecurity and their role in protecting their organization. Here are some helpful security awareness programs and practices:

Phishing Simulation and Training: Conduct regular phishing simulations to test employees' ability to identify phishing emails. Provide immediate feedback and offer training modules to educate them about phishing threats and prevention.

Cybersecurity Training Courses: Invest in comprehensive cybersecurity training courses that cover various topics, including password security, data protection, social engineering, and safe web browsing. Consider platforms like KnowBe4, SANS Institute, or SecurityIQ.

Interactive Workshops and Webinars: Organize workshops and webinars to engage employees actively. These sessions can cover real-world examples, case studies, and practical tips for staying secure online.
