6 tips for your security awareness training

Credit: Thinkstock
Keep a sharp eye out for

Security experts remind us that awareness is an ongoing effort. Here are some best practices for keeping your organization educated and aware year-round.

Get the C-Suite involved

From Rick Howard, CSO, Palo Alto Networks:

Earlier this year, we had a problem with tailgaters; employees entering the building when the person in front of them opened the door with their badge. We considered many costly hardware and software solutions. In the end, we broadcast a humorous video at an all-hands meeting that involved the CEO and CTO getting into fisticuffs because one tailgated on the other. Now the entire company knows that they have the authority to challenge tailgaters every day.

Make it personal

From Chris Blow, Senior Security Advisor, Rook Security:

A successful security awareness program needs to be interactive. "Death by PowerPoint" doesn't work - employees simply click through to get the training complete. Make the awareness program personal. Many of the key takeaways from a tuned awareness program will not only support best practices in the workplace, but also in their personal lives.

Accountability is key

From Jeremiah Grossman, Founder, WhiteHat Security:

Making people ‘aware’ of something, and why it’s important, is just the first step in a successful awareness program. The next essential step is making sure they have what they need, such as tools and/or clear instructions, in order for them to follow through. And finally, to prevent individual or organizational forgetfulness, people need to be accountable for their adherence to the program. This is the fundamental part that is missing in many awareness programs.

Take out the guesswork

From Morey Haber, Vice President of Technology, BeyondTrust:

Don’t put your end users in a situation where they have to decide if their actions could be a risk. Think about the end user’s machine and how it can be imaged and enforced for security from the start. For example, implement a least privileged model for users accessing systems and never give standard users admin rights. Only give user access to applications based on that application’s vulnerability profile. Wetware continues to be the number one factor involved in security breaches.

Never stop training

From Jeff Schilling, CSO, Armor:

A good security awareness program should not be considered a once-a-year activity to achieve a checkmark for a compliance standard. It needs to have activities on a frequent basis and contain a variety of elements (i.e. newsletter, test phish email, lunch and learn sessions, email tips, physical security checks, clean desk review, etc.) to maintain currency and relevancy. Since technology cannot protect us or our users all the time, a good awareness program’s goal is to encourage others to develop good security habits.

Know what the bad guys are after

From Stan Black, CSO, Citrix:

Threats adapt as fast or faster than the apps we use every day – simple training won’t keep up. Protecting people is not about addressing the expected pitfalls; it’s about understanding the intent of malicious actors to stop them in their tracks. The most important information our coworkers need is what the malicious actors are targeting; this simple intelligence makes us all more attack resistant. Don’t leave your valuables on your car seat, right…