Cybersecurity Training: How Effective is Training?

Cybersecurity Training: How Effective is Training?

Cybersecurity training for end users is one of the hottest topics of the last five years, with demand increasing year over year in both the public and private sectors.

If you Google “cybersecurity training” your results list will likely exceed twenty million different sources from a variety of organizations in the .edu, .gov, .org, and .com realms. Everyone has joined in on the trend, but how effective is training?

While there is no shortage of training materials and vendors, there is a shortage of quality training materials out there. Ones that will leave lasting impressions on your employees the way you can remember a great commercial or song for years. When was the last time a memory of your Information Technology security training randomly popped into your head? If you are like me, then this has never happened to you. This is why I think it is important to relook at how we structure training.  Here are some common tips that you receive in training:

  • Don’t click on suspicious links
  • Don’t open attachments from an untrusted source
  • Learn to recognize phishing scams
  • Make sure your antivirus software is up-to-date
  • Patch your systems

Everyone’s cybersecurity training covers these issues, yet the bad guys continue to successfully use basic tricks to fool end users. How is this possible?!

Employees know how to stop cyber attacks, but often fail to apply the knowledge they learned in training. Users fail to recall their training. It wasn’t memorable. It did not lead to a change in behaviors. We need to make training POP. Make training stay with users for more than five minutes. For several ideas on how to make your training stick, please check out https://www.dhs.gov/cybersecurity/tips_for_training.  

The other reason employees may make bad decisions is because there is a lack of enforcing standards. How often do users take into consideration that there could be a repercussion for what they are about to do with their keyboard or mouse? How many times a day do your employees stick a finger in an electrical outlet? Hmmm, shocking. Literally. Could it possibly be because they know exactly what would happen?

Restructuring the cybersecurity training format to incorporate the usual training checklist, but also emphasizing the enforcement of standards and including some entertainment, would help employees gain a lasting understanding of cybersecurity.  That way, training will resonate in employees’ minds for longer than five minutes after training.

Contributors

* Arc Aspicio |

Arc Aspicio is a management, strategy, and technology consulting firm that takes a mission-oriented approach to complex client challenges. As a rapidly growing company, Arc Aspicio has a bold strategy for 2016-2018 that drives growth through new capabilities in strategy, design, human capital, data analytics, information sharing, cybersecurity, and strategic communications. The company is known for a strong, collaborative culture that values gratitude – for its clients and its great team. And, #welovedogs! Follow us on Twitter @arcaspicio or learn more at www.arcaspicio.com.

Lynn Ann Casey / Chief Executive Officer
info@arcaspicio.com
703.465.2060

Confessions of a Chief Strategy Officer

Confessions of a Chief Strategy Officer

I’ll admit it, I was a little smug. After more than 20 years in the consulting business helping clients develop, implement, and integrate their strategies, I thought… “how hard could it be to do the same things for my own company – a company of consultants?” I had the commitment of my leadership, a group of talented people, and a plan and resources to grow the company. We had energy and we had a great process and tools to successful. What could go wrong?

Exploring Trends in Strategic Workforce Planning (Attract, Engage, and Retain)

Exploring Trends in Strategic Workforce Planning (Attract, Engage, and Retain)

Federal agencies have been undergoing significant transformation, requiring effective workforce strategies that can assist them in facing increasing challenges. As government leaders look for and implement initiatives to improve performance, Strategic Workforce Planning, (SWP) has become instrumental in assisting organizations to focus on their most important resource: their people

#Innovate Your Heart Out: We See an Innovation Day in Your Future

#Innovate Your Heart Out: We See an Innovation Day in Your Future

Innovation is difficult to harness for organizations of all sizes (Government and private sector alike). Replicating a process to encourage and produce innovation is even more challenging. Innovating in a structured space and time seems counter-intuitive, and begs the question: can thinking outside the box be a structured activity? Arc Aspicio recently held an Innovation Day to answer this question.

A Unified Brand Helps Serve a Complex Mission

A Unified Brand Helps Serve a Complex Mission

The Department of Homeland Security (DHS), created in 2003, undertook the most significant reorganization of federal agencies since the Cold War. It brought together federal, state, local, tribal, and territorial agencies with a focus on securing the U.S. from threats in a collaborative way. DHS pulls together five complex mission areas: preventing terrorism and enhancing security; managing our borders; administering immigration laws; securing cyberspace; and ensuring disaster resilience.

Towards Preparedness and an Emergency Management Workforce of the Future

Towards Preparedness and an Emergency Management Workforce of the Future

Grit and determination. This is what the Federal Emergency Management Agency (FEMA) workforce is known for. After what is arguably the most challenging year in its history, the FEMA leadership called on the agency to enable the workforce through four elements: build, empower, sustain, and train. A key factor in creating a scalable, sustainable disaster response workforce is to foster a proactive culture, one focused on preparedness. A proactive mindset can create an environment that asks the “what if” questions that lead to more prepared response efforts.