10 TIPS TO DEVELOP CYBERSECURITY KNOWLEDGE WITHIN ORGANIZATIONS:

  1. Determine Cybersecurity Needs:  A deep assessment can help organizations consider all of the areas where cybersecurity is needed and how much of that need can be outsourced versus handled internally. Consider…

    ~ Strategic Plans – What skills are needed to accomplish long-term goals?

    ~ Workforce – Does the organization have the talent needed? Will you hire or train?

    ~ Budget – How much money do you have to spend on training, certifications, and continuing education?

    ~ Competition – What will it take to stay on par (or perhaps ahead) of the competition?

    ~ Culture – How is security viewed here? Is it part of how the mission is accomplished? 

  2. Establish A Training Cadence:  For cyber basics and awareness, companies should hold cybersecurity training every four to six months, including new schemes and tactics used by bad actors. Certification requirements range from classroom hours to continuing education credits to retesting. 

  3. Use Free Resources:  Organizations don't have to pay for basic training! There are some very good cybersecurity resources available free from the U.S. Government. Visit the Cybersecurity & Infrastructure Security Agency and the National Institute of Standards and Technology. 

  4. Get To The “WHY!”:  Cybersecurity training won’t “stick” unless employees understand their responsibilities and take their roles seriously. Ensure the training answers the question... “Why is cybersecurity important to our mission?”

  5. Employees Should Be Put To The Test!:  Testing is an important part of education. Send fake emails, conduct hacking exercises, and role play a simulated attack or ransom situation. Even employees who are aware that they will be tested make mistakes – and these are teachable moments for them to slow down, trust their instincts, and verify.

  6. Align Training and Policies:  Create policies and rules – and include them in the employee handbook – to reinforce all of the best practices covered in training. Daily activity guidelines, as well as reporting requirements, aid in the institutionalization of cybersecurity practices.

  7. Explain The HOW:  Make it a point to educate employees on cybersecurity and monitoring techniques... Not as a scare tactic ("We're always watching!"), but rather to demonstrate the value of data, how seriously security is taken, and to make employees feel at ease being a part of the solution.

  8. Make Use of Experts:  Many organizations have a wealth of cybersecurity knowledge within their IT and leadership staff that can be shared through lunch-and-learns, webinars, hands-on mentoring, and idea meetings. Internal training is useful for teaching procedures as well as tips and tricks learned in the trenches.

  9. Reach To The Top:  Cybersecurity is a business-critical operational task. It is the security leader's responsibility to be aware of it. Even if experts are on staff or outside cybersecurity consultants have been hired, leaders should have a working knowledge of cybersecurity basics, the company's posture, and areas where the organization faces risk, allowing the security leader to make informed decisions. If leaders are hesitant or embarrassed to admit their ignorance, they should review the basics online and meet with consultants to ask questions.

  10. Keep The Good Going:  The landscape is changing so quickly that keeping up requires almost constant attention. Training takes time and repetition, especially when learning new skills or procedures. Protect the training budget tenaciously, prioritize training time, and create opportunities for everyone—from novices to experts—to put what they've learned into practice.


For more information on this and other topics, please contact Kevin via any of the channels listed below:

📧kevin@kmckernan.com

📞718-317-5007
