Make the most of your cybersecurity plan by training your people
We’ve all been through the annual awareness training, where we sit and listen to, or read, the information on the screen and pay enough attention to click through the test if there is one. Your participation can then be checked off, but did you really learn anything?
Role-specific training can make a more lasting impression. Ask developers to take security training specific to the language and platform they code on, and provide different training for your customer-facing people. Employees who handle sensitive data, such as employee data and payment data, need specific and focused training to understand their importance in the bigger security posture.
Follow up training with actual tests and exercises to give employees the practice they need. Tabletop exercises and real-life scenario-based tests are great; the more everyone practices, the better their performance during an actual event.
All employees should have a goal in their annual review that covers security topics, such as being able to properly identify an event and report it to the right authorities, and knowing which steps they are required to perform in the name of good security.
Interested in learning more? Download the newest MIR3 brief, The Common Sense Approach to Cybersecurity.