Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Nov 07, 2018

Asking the experts on cyber awareness training.

There’s never been a more critical time for awareness training for cybersecurity. Attacks of all kinds are on the rise and the ubiquity of technology in the lives of end users can create opportunities for lapses in judgement, human error and avoidable mistakes.

As an IT leader in your organization, it falls to you to lead the way in cybersecurity best practices, beyond having the best technology in place. But going down the wrong path can have disastrous results.

To tackle the issue of cybersecurity awareness training in this era of increased threats, we gathered members of the Cyber Resilience Think Tank to get their opinions and advice on best practices, pitfalls to avoid and how to measure success in their programs.

Lack of cybersecurity awareness training is hurting your organization.

Only 11% of organizations continuously train employees on cybersecurity awareness, according to Mimecast research conducted by Vanson Bourne. Nearly 40% feel that training their staff is the best way to protect their organization from email-based cyberattacks. So, why is the frequency of security training so low? Maybe it’s due to the 33% that want to address cyber threats via increased investment in technology, or the 29% that opt to see improved business processes.

Here’s what Joshua Douglas, CISO at TRC Companies, Inc., had to say on this topic:

“To me, awareness training is all about educating individuals on what potentially risky situations look-and-feel like, so they can make smart choices to avoid potentially disastrous situations...The only way to keep awareness alive is to provide continuous training so cybersecurity is top-of-mind. Without regular training, your culture will suffer.”

Can discretion be dangerous?

The discretionary actions of employees are important for every aspect of the business, not just security. Knowing or not knowing what employees are doing in their discretionary time will ultimately determine the success of a company.

Gary Hayslip, Chief Information Security Officer at Webroot, had this to say:

“As a CISO, I would hope that employees would be somewhat educated on good practices for being on a computer and using the internet. With that said, time and again, I’ve found that this isn’t the norm. I believe it’s the responsibility of the organization to provide security awareness education and resources, continuously over time, to remind employees that security and threats are dynamic and continuously changing.”

Cybersecurity awareness is more than checking a box

When it comes to defining an organization’s mission and vision, a lot of time is spent refining and getting it right. However, when it comes to making security part of corporate culture, this isn’t the case.

Here was my contribution to this part of the discussion:

“With security, creating a mission typically equals checking a box when really, it’s about commitment and underscoring the importance of security – this should be part of a company’s guts and what makes it successful. Engagement means not checking a box. It’s about going from compliance to commitment.”

Get out there. Be the face of cybersecurity awareness.

When it comes to making awareness training part of your cyber resilience planning, budget, staff and resources aren’t the only factors. Your own visibility can be more beneficial than you think.

This is what Marc French, Mimecast’s Chief Trust Officer, added:

“If you have little or zero dollars to play with, you can be your own best resource. Get out and be visible. If people recognize you as the 'security guy,' they will reach out to you proactively with questions and concerns. You can use this valuable data to build an awareness program.”

These thoughts have been captured in the latest Cyber Resilience Think Tank E-book, “Employees Behaving Badly? Why Awareness Training Matters.” Read the E-book and learn more about how you can approach user awareness training.
