AllThingsNetwork.org

Security Simplified



The Importance of Security Awareness Training

"Knowing is half the battle" was a common phrase I remember from my childhood. If you don't know what to do, what to look for, or how to respond to security issues in your life, you are more likely to make the wrong choice in the moment. Criminals are constantly changing their techniques to acquire data from users or to gain access to systems and services, so we too must constantly be trained to recognize what is suspicious and what the latest threats in the wild are.

With training being such an important part of every organization, how do we go about accomplishing such an enormous task? The first place to start is always at the "C level" of your organization. Leadership buy-in is required to make your security programs successful. Build out your plan, describe the deficiencies the company currently has, and explain the risk the company is exposed to by failing to implement a proper security awareness training policy. As security professionals, we are to advise this leadership group of the risk, quantify the impact it can have on the business, and advise them on how to remediate it. Having this plan in hand is a first step to acquiring C-level buy-in on your training.

To build out this training program, you need to involve the company as a whole. Key contributors who can create a complete security awareness training program for your organization must be identified. Without all of their input and insight, your program will have holes in it, which will leave your organization exposed to risk even with the training program implemented organization-wide.

Proper training that is audited and performed yearly will allow the people in your organization to know what threats are out there, how to spot them, and how to react accordingly so that your organization can avoid the risk or mitigate it.
