What are the elements of a security awareness program that works?
Recently, MediaPro Managing Director Steve Conrad chatted with Thor Olavsrud of CIO.com on this very topic. They discussed why organizations everywhere are struggling with employee-based data breaches, much of them accidental.
Much of this is a direct result of these same organizations conducting annual training and treating it like a one-time event rather than a process of continuous improvement. Steve outlined other common missteps made when it comes to employee awareness, such as:
- Conducting training that isn’t role-specific
- Failing to consider tools like user-behavior analytics to deliver “just-in-time-training,”
- Designing training before fully understanding your company’s unique risks
“Are we treating employees with the same seriousness as we are other threats to the organization? If you updated your firewall software and virus definitions once a year, people would say that you’re negligent,” Steve told CIO.com.
“Traditionally, CIOs and CISOs have looked at technology and processes. Now it’s time to look at people. They’re a very high threat to the organization, but we don’t necessarily treat them like any other threat vector. Employees generally want to do the right thing.”
Learn more about the Adaptive Awareness Framework, our vision for integrated, adaptive employee awareness programs.