Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementCybersecurity News

How to Tailor Security Awareness Training to Employees’ Needs

A Successful Security Awareness Program is One Where the Employees Are Fully Equipped to Participate

By Lauren Zink
employees-enews
November 28, 2017

Security awareness isn’t just education, communications and training. It is cultural change and a movement that requires buy in from the top down and the bottom up. It needs to be a credible program that people want to be a part of and learn from. It should be relatable, from a business perspective, but also from a personal perspective. It requires managing people, groups and projects and creating a plan to disseminate pertinent information to employees who all need to understand that they are stakeholders when it comes to the security of the company and its people. It involves equipping your employees with the knowledge they need to spot the threats and take appropriate action that aligns with your company policies. And if it isn’t already, it should be a crucial component of any mature security program.

All too often, employees are told they are the weakest link, but they can also be a huge asset to any security team if they are given the right tools and trained properly.  The old cookie cutter approach to pushing one annual required training to employees, with a phishing test scattered here and there, just doesn’t cut it anymore. In order for your employees to play an integral role in securing the company they need to be given the right tools that are up-to-date and continuous, and they must feel enabled to make a positive impact. The best way to set the precedent for this is to give employees an understanding of the security program from day one by having security representation in the new hire orientation. This time can be utilized to cover security policies and common threat vectors that are seen at your organization as well as to discuss the role employees will play in securing the company.

Associates should be made to feel like they are truly part of the program with open dialogue and discussion through various means. This can include both push and pull training such as articles, newsletters, screensavers, competitions, phishing tests, tabletops, emails and presentations throughout the year. Effective communication is ongoing and can be done through discussion boards with direct contact to the security subject matter experts. Make some, if not all, of the security team readily available to address employee questions and concerns through a mailbox that employees can directly communicate through. This will also give the security team good insight into the current threat landscape of the company as employees report suspicious activity and ask questions.

Test your employees with real-world threat scenarios. Employees are going to be receiving real phishing threats in their email box so why not test how they would respond in the event of a real malicious message in a controlled environment through real hands-on experience? This in turn will keep employees on high alert once they realize that what they clicked was a test and could have had detrimental effects if it were real. And from a security awareness program perspective you will gain measurable metrics that can be communicated to the security team, the company and even the board. You can even take it a step further and perform other social engineering tests in both logical and physical form.

 

Don’t just base your program around policies and requirements. Survey your audience and find out what their security concerns are, both at work and at home, and what they want to see and hear from the security team. A survey can also be utilized to gain metrics on the current security posture of the organization and progression year over year when the survey is conducted. When employees see their areas of concern being addressed, you will capture their attention and can capitalize on their attentiveness.

Ensure that you consider your audience when creating security training content and tailor it appropriately. Some groups will have some background knowledge, while others won’t, and each training and communication should reflect that. Don’t assume all your employees aren’t technical because if you take that approach you will lose the attention of those who are. And, give your employees the ability to do something when they notice something suspicious by offering numerous reporting mechanisms and giving them the background knowledge necessary to make that determination.

Creating a culture of security aware employees is a large task and can take a lot of time and resources. If at least one full-time employee cannot be dedicated to this, then a committee of security liaisons could be established to be the ambassadors for security through different sectors of the business. This helps create an even larger security network within the company with active participants endorsing security on your behalf. Even with one or two dedicated full-time employees, it is truly a company effort with all hands on deck, with the security team playing a crucial leading role as specialized subject matter experts in their areas to help implement an impactful and lasting cultural transformation. There are only so many people that are employed as part of the security team, but it can be in the company’s best interest to turn every employee into a skilled security participant that can be leveraged to have more eyes and ears on the threats.

While security tools have always been considered a necessary part of a security program, it is also imperative that security awareness now be considered a requirement as well. Implementing cultural change can be done by ensuring employees have enhanced protection and security through increased security awareness amongst employees. Every employee should be prepared to play a role in securing themselves, their company and its assets from both a logical and physical security perspective. Security awareness is a crucial aspect and enabling all employees and organizations in your company to work together will help to guarantee a sustainably successful security posture for your company.  

KEYWORDS: cybersecurity training security awareness security education

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Lauren zink

About the Author: Lauren Zink is the Team Lead of Security Awareness, Communications and Education at Diebold Nixdorf, a global fortune 1000 company in Northeast Ohio. She is an information security professional that loves to focus on the human aspect of security. Lauren has a strong background in teaching and training numerous age groups from elementary to college age and business professionals. She thoroughly enjoys all aspects of both logical and physical security and educating employees on their importance. Zink has been in the cybersecurity field for over 6 years where she has climbed from an entry level analyst to the lead of her department overseeing a security awareness program for over 29,000 associates in 90+ countries.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • danger-enews

    International Travel Training: How Employees Should Respond to a Mugging

    See More
  • Cyber Incident Recovery

    Security Awareness Training – Keys to Delivering a Successful Program

    See More
  • Game Theory for Security Awareness - Security Magazine

    How to Utilize Game Theory for Security Awareness

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • contemporary.jpg

    Contemporary Security Management, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing