How to Turn Every Employee into a Cybersecurity Expert

January 5, 2017

Chief security officers are the obvious point people to address a workforce’s cybersecurity concerns. While it is the obligation of a CSO or CISO to spearhead a company’s defense against cyber attacks, the responsibility cannot fall solely on the shoulders of a single person. With 43 percent of data breaches caused internally and the average data breach costing $4 million, fostering a companywide commitment to cybersecurity awareness becomes a shared responsibility.

Given the technical nature of cybersecurity, the average employee may not have a full grasp of best cybersecurity practices. In fact, up to 90 percent of internet users haven’t had any recent cybersecurity training. To ensure that each employee helps fortify an organization against an attack, providing digestible, effective training is critical – and eLearning is making it easier than ever for companies to educate their employees.

Making Cybersecurity Digestible

The most successful training is accessible, entertaining and engaging. These qualities are especially critical when the content is complex and heady, and eLearning solutions can deliver these elements with a responsive, visual interface.

Like any subject matter, cybersecurity can be intimidating for those not already versed in it. While lectures on cybersecurity may dive into obscure topics or use jargon, it is critical to consider employees’ knowledge and utilize training techniques that align with and build off of their understanding. Though it may be tempting to discuss the nitty gritty details of a hack, consider what employees actually need to know to protect your company.

Given the weight of the topic, it’s also imperative to employ training methods that resonate with employees. While corporate training sessions historically may have caused employees’ eyes to glaze over, given the monetary loss associated with a breach, CSOs need to consider how the training will engage employees and encourage retention.

Considering today’s digitally savvy workforce, eLearning may be a more attractive option than more standard training fare when it comes to engagement. Audiences tend to receive educational content better when it’s visually and aurally stimulating, which can be fulfilled by the video capability of eLearning. Adult learners in particular tend to reap video’s benefits, with better engagement and retention.

Video is also the perfect medium for a compelling narrative, which is another key component of effective instruction – modules can introduce learners to characters who face similar scenarios. For example, a module could focus on a character who is trying to decipher whether an email is genuine or phishy, a scenario that your employees experience weekly if not daily. From there, the module can bring the user and the character together on a mission to learn the corresponding best practices.

Linking Conceptual Cybersecurity to Reality

The flexibility of eLearning makes it easy to render the training as relevant to users as possible, not only through storytelling but also through capabilities like course customization and responsive technology.

Along these lines, consider interactivity and having employees actually practice cybersecurity best practices in a low-stakes environment.

For instance, have employees practice creating strong passwords and provide real-time feedback. ELearning solutions can provide real-time feedback at scale, and feedback given “in the moment” is far more likely to improve performance. Interactions that directly adapt to the user allow for a more personalized learning experience, while teaching actionable lessons that can be applied to everyday situations.

Given demands on employees’ time, it is also worth considering offering training that is flexible, allowing your team to access the content and pace at their own convenience, while keeping in line with the company’s broader timeline goals.

Changing Company Cybersecurity Culture

Cybersecurity training not only provides employees with a wealth of information, but it can also arm CISOs and CSOs with valuable data about their workforce.

Maybe your workforce is well-versed in data storage and transmission practices, but has little knowledge about office tailgating, for instance. Software can show you broader company patterns that you may not have detected otherwise. With this information, your company can adjust the eLearning modules and general cybersecurity strategy accordingly.

Finally, ensure that the education you offer provides actionable next steps upon course completion. From there, employees can take the lessons learned and translate it into real-life best practices. With malware adapting to network security provisions, effective cybersecurity education is more critical now than ever. Because of its dynamic, responsive and flexible nature, eLearning presents an unparalleled opportunity to create a companywide ethos of cybersecurity knowledge and accountability.

As Co-Founder and CEO, Leslie Redd leads the LearnBIG team to create interactive eLearning courses for organizations to enhance customer relations, employee effectiveness, and operational efficiency. Her team combines science-based instructional design, gorgeous compelling video, clever technology, and just enough cheek to delight and engage learners.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.