With the recent Sony hack and the widespread shift to cloud computing, it’s apparent that organizations need to increase their focus on data security. Cyber attacks are expected to increase in 2015 and beyond as governments and competing giants take their warzones to cyberspace.
Having an up-to-date, well-designed security strategy is important. But even the most fool-proof strategy is useless if your employees don’t comply with the required practices.
Here are 3 things to include in your IT security training sessions to boost your employee compliance:
1. An interactive component
Reciting rules or flipping through PowerPoint slides doesn’t lead to good security behavior. Users need hands-on experience during their training sessions and the ability to interact with the trainer or others. This can be something as simple as a group exercise in which users think of and discuss potential security threats they have faced or might face, then discuss ways those threats can be addressed.
2. Something to do right away
Training can’t be abstract ideas alone. Workers need something they can do the minute they return to their desks to spark security change right away. It doesn’t have to be a major security overhaul. Changing passwords, adding a passcode to a mobile device, or setting filters on their email are some examples of small steps users can take that will make them think about what they learned in the session.
3. Good follow-up
Training sessions often fall short by being too isolated. A great training session is designed beginning-to-end, delivered effectively … and then forgotten by nearly everyone in attendance. There needs to be follow-up on training if there’s any hope of it sinking in.
Read the full article on IT Manager Daily for a more detailed look at these three practices.