10 factors for implementing successful and effective security awareness training

“… And that is why for the next five to six hours we will be providing a comprehensive plan of how to show that you are at risk for phishing. If you’ll all turn to page eight hundred and twenty-four of your guidebooks, we will begin silent reading …” 

Sound familiar?

Employee engagement is a critical element when setting up security training at an organization, but it’s also one of the easiest to lose. People need to understand why the training they’re receiving matters, why it’s worth their time and why they should care about any of it. If you don’t have your users on board, everything else is pointless. On the flip side, it may be nearly impossible to even get that far without support from the top, so you need to have management firmly on your side as well. 

With that in mind, we’re going to briefly cover 10 critical factors to keep in mind when implementing your own security training. We’ll divide them up into two categories: for the employee and for the managers.

Critical factors for the employee

1. How does this affect me?

Breaking head-on through an organization’s primary protections usually isn’t the easiest way to compromise a building or a network, but if a user lets an attacker in, all bets are off. It’s vital for users to understand that THEY are the soft target, and they need to understand their responsibilities on a day-to-day basis. Whether this means “Don’t plug in a random USB drive found in the parking lot” or “Don’t let somebody in behind you through a secure doorway” or “Don’t let the random pizza guy roam around the building by themselves,” it’s necessary for everyone in the company to know they play a critical (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Kurt Ellzey. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/5N-_t4k05LQ/