Top-performing IT leaders know that employee awareness programs are a vital part of any cybersecurity and/or data privacy strategy. And for good reason: social engineering that targets your human-based vulnerabilities remains the #1 threat to cybersecurity and data privacy.
So, it may come as a surprise that only 50% of companies agree their current employee training program actually reduces non-compliant behaviors. For IT leaders with employee awareness programs in place, the question has become: What more can we do?
You need role-based training. Awareness programs are hard to get right, and a one-size-fits-all approach doesn’t go far enough. Learn how role-based training ensures employees receive education tailored just for their specialties by checking out this downloadable presentation.
Learn more by visiting us:
www.mediapro.com
The Case for Role-Based Employee Awareness Training [MediaPro]
2. It’s A Scary World Out There
The threats to cybersecurity and data privacy are definitely
scary enough to keep you up at night. Not only do the threats
just keep coming, the landscape itself is continually changing.
Not long ago, you only had to deal with
“Nigerian Prince” email scams. Today,
you’re getting pounded with shrewdly
crafted phishing emails directed right at
privileged users and “Account
Compromised” alerts that deliver some of
the nastiest malware yet conceived (like
ransomware).
3. Cybercriminals are targeting the most difficult
vulnerability to protect: your employees.
That’s right: social engineering was the #1 attack vector
in 2015, according to a Proofpoint report.
Here’s the scariest thing:
It only takes one successfully phished
employee to compromise your entire
network, potentially exposing the
private, sensitive data of all your
clients.
4. Employee Awareness Programs are the Ticket
But don’t despair: behind statistics like these, there is
hope. Humans may be at the center of the problem,
but it is a problem that can be solved.
(We hope we don’t surprise you when we say
employee awareness programs are a vital part
of any cybersecurity or data privacy strategy)
76% less is spent on cyberattacks
when employees are trained,
according to a PricewaterhouseCoopers report.
5. But Not Just Any Awareness Program
Getting awareness right is difficult:
Only 50% of the companies surveyed
in a Ponemon Institute report agreed
their current employee training actually
reduced noncompliant behaviors.
Perhaps that’s because so many
companies—43%—offer a one-size-fits-all
approach for employee training.
Long story short:
One-Size-Fits-All is Not the Answer
6. Relevant > One Size Fits All
Learning theorist John Keller’s ARCS learning model
(attention, relevance, confidence, and satisfaction)
highlights the importance of relevance for adult learners.
He shows us that employees accept the information in
new training when they can see how it relates to their
interests, job role, and personal objectives.
To put it more simply: when it’s
relevant, learning sticks; when it’s
not, you’re wasting your time.
7. Role-Based Training = Relevant
So what does it take to be relevant? We see the most
relevant experience for your employees coming from a
role-based approach.
Role-based cybersecurity or privacy training allows
employees in different roles, such as human resources and IT,
to receive education tailored just for their specialties.
Here are three good reasons to implement it:
9. In a modern organization, we all have a part to
play in the grand scheme of cybersecurity or
data privacy. But what your employees need to
know to play their parts differs greatly by job
role. Make your training reflect these
differences.
IT employees don’t need to know about
safeguarding conversations with potential
hires, but do need to be well-versed in
preventing unauthorized data access
and use. Similarly, HR staff don’t need
to be bothered with education on PKI
certificates, though protecting sensitive
employee information is exactly in their
wheelhouse.
With role-based training, all this is possible.
11. Tone is crucial when addressing your
organization’s people.
That’s why communicating security
and privacy best practices
to the C-suite (yes, they need
training too), for example, should use
different language and different examples than
training for rank-and-file employees.
Framing education in the way that makes the most
sense for each of your organization’s departments
will help each department member apply those
lessons to their everyday work lives.
Role-based training allows you to not
only target the right topics to the
right employees, but the right messaging as well.
13. Role-based training ensures your
employees only get trained on
the content they need, without
time wasted on content that’s not
relevant to them. They
appreciate getting training that
matters—and you appreciate that
they have more time to focus on
productive work.
A role-based approach means less training
time for each person—and that means you
get the best bang for your training buck.
14. To Sum Up
Your employees are a vital part of your cybersecurity or data privacy
strategy.
Employee security and privacy programs are essential, but need to be
done right.
Training content is most impactful when it’s relevant, and a role-based
approach lets you deliver exactly the content your employees need,
without wasting their time on lessons they don’t need to learn.
15. Now What?
Find out how MediaPro’s role-based training can bring your
employees the most relevant learning possible.
While you’re at it, check out other ways to boost your
awareness program, like phishing simulations, knowledge
assessment surveys, and training reinforcement content
(such as animated videos and games).
Contact Us Today