Is security training for employees effective?


VP, IT and Operations in Software, 1,001 - 5,000 employees
It's fairly effective, but it’s not perfect. It depends on the kind of training. Employees tend to be a lot more tolerant if you have everyone do the training. In my previous company, it became part of our culture that everybody has to do security training. We had our own learning product, so we used to create all of these interesting learning and development (L&D) workflows for them. It definitely led to improvement, even for phishing attacks, etc. And the other benefit was that a lot of other stakeholders understood the relevance of security, so they were open to having those conversations when buying software. Everybody wants a security buy-in; they've been through this training, so they understand the impact of not having a secured application.
Founder and CIO, Self-employed
Some of the tools that are out there—such as those for phishing—are probably pretty effective. Some of them occasionally send faux phishing messages to people to see how they react and then coach them according to how they respond. 

We used to have to do compliance training where I worked because it was a medical device company. It was like a chore, but in the end you felt a bit empowered to have done it. You felt like you knew a bit more about some of the business’s risk; the same thing happens through cybersecurity training.
Head of Enterprise & Solution Architecture, 1,001 - 5,000 employees
An important part of security training is the practical test. The only company I worked with that did that was Salesforce. The red team would send fake emails to all the employees to see who would open them. And it was not to blame anyone; it was a part of the education and a great exercise. I’ll be honest, I fell for them at least once if not a couple times, which is a little scary because I think I'm pretty safe and I couldn't figure out whether it was a fake email or not.

There also are great tools—like Splunk, for example—that provide great monitoring over infrastructure. But then it becomes an issue of cost. Not many SMBs and startups can afford solutions like Splunk.
Senior Director, Defense Programs in Software, 5,001 - 10,000 employees
Yes, but as with any good digital adoption training, it needs to be relevant, responsive, and personalized to the employees.
CTO in Education, 51 - 200 employees
Depends very much on the training, the employee, and senior management buy-in.
Director of IT in Software, 201 - 500 employees
This has been very effective for our organization; we do it for every new employee and annually for everyone.
