- November 30, 2016
- Posted by: Lee Mangold
- Category: Blog
Security awareness is the process of educating individuals about the risks of cybersecurity, how to identify potential threats, and what to do when they see those threats. Security awareness is usually bundled into a “security awareness program.” Empirical evidence has shown that a simple presentation does not produce lasting security-aware behaviors in an organization. As you build your awareness program, it’s important to keep this in mind.
The ultimate goal of awareness training is NOT 100% security; that’s an unrealistic and likely unattainable goal. Rather, the ultimate goal is to build a more security-aware culture, where decisions are not made without some consideration of security. This requires a lot of things, including solid policies and guidance, and recurring reminders and training events.
It has been empirically proven that a live presentation from an IT security expert is 70% more effective than any other means of training. But it doesn’t stop there. Emails, newsletters, and signs – while seemingly draconian at times – DO work and they DO support the building of a security-aware culture. And there is more, of course! You need to get senior management buy-in and modify all processes to INCLUDE security!
Security should enable the business to operate securely and, in many cases, more efficiently. It’s important to bake in security as you go, rather than bolt it on later when it becomes an issue.
GoldSky provides the expert training and information security program development services to help your business succeed securely!