Fingernails on a chalk board. That is what this term sounds like to me. I believe awareness is a result of education. Training teaches a skill while awareness reflects the result of that skill. For example, tying your shoes is a skill. The awareness is that if you tie your laces you will not trip on them. Training to look both ways before crossing the street will result in the educational benefits of knowing the risks associated with neglecting this activity. You may get hit by a car!
In cybersecurity it is essential to have an ongoing, cybersecurity awareness PROGRAM (SAP). Part of this program will include training of how to spot a phish and other social engineering techniques, online safety, privacy, social media, mobile device and physical security. Training will outline the details. In essence, teaching a skill to recognize the risks. This will condition the user and raise their awareness in knowing how to handle the potential risk.
Developing a SAP should involve everyone. Because cybersecurity is everyone’s business. This education can benefit the organization as well as one’s personal life. Factors to keep in mind when developing your SAP:
- Identify the necessity for the plan. Get buy-in from administrators, staff and end users. Education is a key factor in learning to identify, avoid and report incidents.
- Use a variety of methods to get your message across. Posters, gaming, phishing simulations, group activities and contests are all great ways to educate users. Everyone has a different learning style that works best for them.
- Microbursts of instruction are more effective. Keep it short and to-the-point.
- Choose different topics to highlight. Mix it up. Or choose a topic in the current headlines to make it relatable.
- Talk to people in a way where they will listen. Don’t use technical jargon. Then, in turn, listen so people will talk.
- Use real life examples. Make the topic relatable to their everyday lives.
- Consider rewards. These could be a shout out in a publication, gift card, certificate, food & candy or conference swag.
- Set a schedule of the awareness topic or activity. Gather results and chart these in order to keep track of how well users responded. Documentation will help to keep your program on track and assist with evaluation of efficiency.
Promote awareness and you can change behaviors. If you energize and arm your users, they will turn from being a liability to an asset. You can change your organization’s culture from aware to care. And from fear to fierce!