
User cybersecurity awareness starts with training

By Erich Kron
March 11, 2022

The current state of cybersecurity has plenty of issues. From ransomware denying access to our data and data being sold on the dark web, to scammers talking people into transferring large amounts of money to their accounts, it’s pretty obvious things could be going better. Defending against these attacks is tough enough, but when users and cybersecurity leaders start blaming each other for the problems, it quickly becomes even more complicated.

Users blame security or information technology (IT) teams for not having technology in place to stop bad things from happening, while security and IT teams blame users for clicking on malicious links and documents. As resentment grows, so does the divide between the users and security and IT staff, creating an unfavorable environment for fixing the issue.

The scope of security blame

This is not a new problem. This has been happening since workplaces started adopting computers for use in day-to-day operations and viruses and bad actors started attacking them. What has changed is the damage being done by these viruses and the bad actors.

A cyberattack no longer just means that email servers are overloaded as the virus spreads. Now these attacks mean theft of employee and customer data, pilfering of intellectual property, and even the use of organizational email accounts to run scams, resulting in millions of dollars of loss not only to an organization, but often to its users or vendors.

Educating users in cybersecurity

There was a time when security was the job of a department within the organization, often the IT or a dedicated information security department. However, the roles of users within organizations have grown to where they are the generators of massive amounts of digital information. By being not only consumers of the information, but generators of the information as well, they now have a direct role in protecting that information. Unfortunately, many users are not taught why or how to secure data.

For this reason, security leaders need to help educate users on cybersecurity principles, even if it means starting from the most basic level. Through this education, security professionals can help users understand why it’s not practical to block every website or email that could be malicious, and why the information they create or consume can be valuable to cybercriminals. Cybersecurity leaders can also help them understand that if they click on a malicious link in an email, it could let bad actors into the system to steal their data and that of coworkers, possibly resulting in their own identity being stolen or, in the case of ransomware, the organization being shut down for a week or more. Suddenly, the issue impacts them, making them want to pay attention.

Incident simulations

Simulated tests are another very valuable tool. Security leaders should understand that the purpose of these tests is not to trick users, but to provide more education and experience in a fail-safe environment.

When designing phishing tests, especially early on, the goal is not to make them so hard that nobody spots them. The goal should be to reinforce training and start with easier tests that allow users to be successful, building their confidence and lowering their skepticism.

The tests should be a little challenging without causing ill will from the recipients. Share the successes of the organization as they get better and remember to always keep the messaging positive. Tell them how much they improved and make sure they understand how this helps the whole organization, themselves included. If security teams automatically assign remedial training to clickers, make it short and relevant to the type of phish they fell for, not on an unrelated topic. This makes it much easier for the user to accept. Messaging is a key part of making training successful.

Speaking of ill will, it is important that email phishing campaigns steer clear of topics that can cause harm to the organization. In the past, organizations have sent simulated attacks telling people they are going to be laid off or promising annual bonuses to employees when none exist. While these are tactics that bad actors will use, they don’t need to be used in simulated attacks to teach people the red flags to look out for. In addition, don’t shame individuals, especially in front of coworkers, when they make a mistake — help them improve.

It’s the role of security and IT professionals, as well as security-minded users, to help others make better security decisions and to educate them about the threats and how to protect themselves. Only when interactions with the IT and security teams are not seen as abrasive will security teams be able to bridge the gap between them and the users and really start making positive progress in user behaviors that reduce risk.


This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.


Erich Kron is a security awareness advocate at KnowBe4, a provider of security awareness training and a simulated phishing platform.
