How to Turn Every Employee into a Cybersecurity Expert

January 5, 2017

Chief security officers are the obvious point people to address a workforce’s cybersecurity concerns. While it is the obligation of a CSO or CISO to spearhead a company’s defense against cyber attacks, the responsibility cannot fall solely on the shoulders of a single person. With 43 percent of data breaches caused internally and the average data breach costing $4 million, fostering a companywide commitment to cybersecurity awareness becomes a shared responsibility.

Given the technical nature of cybersecurity, the average employee may not have a full grasp of best cybersecurity practices. In fact, up to 90 percent of internet users haven’t had any recent cybersecurity training. To ensure that each employee helps fortify an organization against an attack, providing digestible, effective training is critical – and eLearning is making it easier than ever for companies to educate their employees.

Making Cybersecurity Digestible

The most successful training is accessible, entertaining and engaging. These qualities are especially critical when the content is complex and heady, and eLearning solutions can deliver these elements with a responsive, visual interface.

Like any subject matter, cybersecurity can be intimidating for those not already versed in it. While lectures on cybersecurity may dive into obscure topics or use jargon, it is critical to consider employees’ knowledge and utilize training techniques that align with and build off of their understanding. Though it may be tempting to discuss the nitty gritty details of a hack, consider what employees actually need to know to protect your company.

Given the weight of the topic, it’s also imperative to employ training methods that resonate with employees. While corporate training sessions historically may have caused employees’ eyes to glaze over, given the monetary loss associated with a breach, CSOs need to consider how the training will engage employees and encourage retention.

Considering today’s digitally savvy workforce, eLearning may be a more attractive option than more standard training fare when it comes to engagement. Audiences tend to receive educational content better when it’s visually and aurally stimulating, which can be fulfilled by the video capability of eLearning. Adult learners in particular tend to reap video’s benefits, with better engagement and retention.

Video is also the perfect medium for a compelling narrative, which is another key component of effective instruction – modules can introduce learners to characters who face similar scenarios. For example, a module could focus on a character who is trying to decipher whether an email is genuine or phishy, a scenario that your employees experience weekly if not daily. From there, the module can bring the user and the character together on a mission to learn the corresponding best practices.

Linking Conceptual Cybersecurity to Reality

The flexibility of eLearning makes it easy to render the training as relevant to users as possible, not only through storytelling but also through capabilities like course customization and responsive technology.

Along these lines, consider interactivity and having employees actually practice cybersecurity best practices in a low-stakes environment.

For instance, have employees practice creating strong passwords and provide real-time feedback. ELearning solutions can provide real-time feedback at scale, and feedback given “in the moment” is far more likely to improve performance. Interactions that directly adapt to the user allow for a more personalized learning experience, while teaching actionable lessons that can be applied to everyday situations.

Given demands on employees’ time, it is also worth considering offering training that is flexible, allowing your team to access the content and pace at their own convenience, while keeping in line with the company’s broader timeline goals.

Changing Company Cybersecurity Culture

Cybersecurity training not only provides employees with a wealth of information, but it can also arm CISOs and CSOs with valuable data about their workforce.

Maybe your workforce is well-versed in data storage and transmission practices, but has little knowledge about office tailgating, for instance. Software can show you broader company patterns that you may not have detected otherwise. With this information, your company can adjust the eLearning modules and general cybersecurity strategy accordingly.

Finally, ensure that the education you offer provides actionable next steps upon course completion. From there, employees can take the lessons learned and translate it into real-life best practices. With malware adapting to network security provisions, effective cybersecurity education is more critical now than ever. Because of its dynamic, responsive and flexible nature, eLearning presents an unparalleled opportunity to create a companywide ethos of cybersecurity knowledge and accountability.

As Co-Founder and CEO, Leslie Redd leads the LearnBIG team to create interactive eLearning courses for organizations to enhance customer relations, employee effectiveness, and operational efficiency. Her team combines science-based instructional design, gorgeous compelling video, clever technology, and just enough cheek to delight and engage learners.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Organized Retail Crime (ORC) is a serious problem that has been on the rise for several years. The unprecedented event of the current pandemic will rival or even exceed any previous events. If COVID-19 by itself wasn't bad enough, add civil disturbance, bail reform, and the state of law enforcement, and you have a perfect storm.

Security Magazine

2020 August

This month in Security magazine, we examine how physical security leaders are being propelled into a unique position of revenue preservers and risk managers for their businesses. In addition, we profile Scott Ashworth, Director of Security for Atlanta United. Also, security leaders discuss how to develop cybersecurity careers, election security, data protection strategies, measuring and reporting security operations maturity and more!

View More Create Account

How to Turn Every Employee into a Cybersecurity Expert

Related Articles

Related Products

Related Events

Report Abusive Comment