The end user is still the weakest link in cyber security, which is why most companies have implemented a user training program. In fact, most compliance frameworks and cyber security insurance providers require that a regular training program be in place.
However, traditional approaches to cyber security are often at odds with end users, who can view cyber security with suspicion and as a hindrance to productivity. They understand its importance but are often frustrated with its implementation and feel like it is being imposed upon them.
The goal is to demystify cyber security and engage the user, as a more engaged user is more attentive to threats. Here’s how.
Cyber Security Awareness
To build trust in and awareness of your cyber security stack amongst your users, consider the following tips.
Training
Hold an annual in-person or virtual cyber security training with your end users. Use this time to engage with your users about notable cyber security incidents in the news and any incidents that have occurred internally. For example, show a real-life phishing email a user received or a previous instance of a security breach.
In Everyday Life
Teach users the security steps they can take in their personal lives, such as enabling two-factor authentication on personal accounts, putting a PIN code on their SIM card and implementing a credit freeze at the big-three credit bureaus. Consider creating materials that can be shared with users’ family or friends. This engages them personally and helps protect you from the risks of personal use of business devices.
Tools & Solutions
Be transparent with users about what solutions are in place and what they’re supposed to look like. This will take some of the mystery away and better equip users to spot malicious clone websites and notifications. Walk skeptical or curious users through the reasons why these solutions are in place and always have documentation to back up your reasoning.
Phishing Reporting
Use a solution for reporting phishing emails that gives instant gratification to users and make responding to those requests a priority. Users will not report emails if they feel ignored.
Incentivize
Give out prizes monthly, quarterly or at the annual security training for the user or department that reports the most legitimate malicious emails. Aim to gamify the user’s cyber security response, rather than treating it as a burden or requirement.
Focusing on transparency and regular security training goes a long way toward improving your end users’ experience and strengthening your security posture.
Need Help?
If you need help implementing an effective cyber security awareness training program, contact us online or call 410.685.5512 with any questions.