In a new blog post from Scott Greaux, VP of PhishMe, effective security awareness training is discussed.
In the blog Scott discusses how phishing scammers will select their targets within organisations and what security training organisations can offer to help mitigate the damage posed by cybercrime.
Key takeout include:
– Security awareness to be effective, it needs to include everyone in your organization. Aside from the obvious security necessity, including the entire organization in your security awareness initiatives enhances your program in a number of ways.
– First and foremost, inclusion of everyone in security awareness training reduces the security gaps across organization. While training will never be 100% effective, the more people who receive training, the more potential security risks will be reduced. Including executives and senior managers in training exercises creates solidarity within the workforce, as staff will be more likely to embrace the exercise knowing their bosses are participating.
– Running an immersive security awareness campaign (such as simulated phishing exercises) requires buy-in from every department in the organization. It’s critical to work with every department to prepare them for any backlash that might occur. Since you’ll be simulating an attack, it’s essential to alert IT as well to avoid triggering response to a simulated event.
The full blog post is available here