Customizing Your Security Awareness Program
Security training can be an effective protection and detection measure, or just another training module for an employee to ignore and click through. Even an organization that uses pre-packaged security awareness training products can make the training more effective by customizing it to the organization. Here are some components you may consider when customizing your security awareness program:
Industry or Organizational Threats
Organizations can use internal or external threat intelligence to help develop their security training. Those that perform threat intelligence or threat hunting may consider recent or upcoming threats when choosing what to focus on. External threat intelligence can include reports tailored to your industry or function, or a more comprehensive report like Verizon’s annual Data Breach Investigations Report.
Breaking It Down
A group of power users in the IT department faces different security risks than a cashier at a point-of-sale terminal. An advantage of using modular training is that a central message can be delivered, accompanied by more specific training at higher or lower levels of skill, according to the needs of different functional areas, or for different risk levels.
Casual vs. Formal Culture
It’s important to make security training “fit” within an organization’s culture. More casual organizations may benefit from memes or “gamification”. Banks and government organizations are likely to have a formal culture that accepts more standard training formats. Another way to adapt the training to an organization’s culture is to align it with the organization’s shared mission to motivate employees.
Government- or industry-mandated compliance requirements, like HIPAA and PCI-DSS, may drive some of the content of your training program, as well as the metrics and frequency.
Customizing Your Security Awareness Program with Sedara
Do you want help securing your organization through training or assessment? Contact Sedara today!