It’s been just a shade over 20 years since the first national cybersecurity strategy was released...
Cybersecurity Training is NOT Just Checking a Box
As the saying goes, “repetition is the mother of retention.” But here we are twenty years since the first Cybersecurity Awareness Month, still talking about the same things. While it seems like we should be making progress, as we mentioned in last week’s blog, cybercriminals are still wildly successful in their exploits.
So, what’s going wrong?
When we look at why bad actors continue to be successful, there are two main possibilities relative to Cybersecurity Awareness Month:
- We’re focused on the wrong things, OR
- The right message isn’t getting to—and instilling change in—the right people
The themes are still as relevant as they were at the dawn of the digital age. Adhering to password best practices, updating software, staying vigilant of phishing attempts, and turning on multifactor authentication are still the most effective ways to fend off cybercriminals.
Given that, it must be training and education where things break down.
While it’s true that repetition helps you retain information or turn your tennis serve or golf swing into muscle memory, pure repetition without the right curriculum, routine, reinforcement, and culture can easily turn repetition into ineffective noise.
While cybersecurity tools that provide identity and access management, incident detection and remediation, data encryption, and software assurance are effective and necessary, it’s better if we can prevent the bad actors from breaching an environment in the first place. After all, an ounce of prevention is better than a pound of cure, which in the cyber world is both disruptive and expensive.
Continuous education is the key!
There’s an old saying that everyone at a company is in sales, but everyone is also in security – from the front desk attendant to the CISO and everyone in between.
Because every person in a company or agency is a physical and/or digital access point to the organization and its infrastructure.
Many organizations aren’t training the right people in the right ways, or worse, are not training at all! They don’t make it a priority – they either do nothing or perhaps send the same annual company-wide email sharing a few best practices. To make meaningful impact and change, the right tools based in instructional design best practices must be implemented and consistently engaged. The work of cybercriminals is never done, and neither is the work of training and learning.
According to a study by the eLearning Industry, students who receive well-designed eLearning courses are 50% more likely to achieve learning objectives compared to those who receive poorly designed courses.
What does a well-designed course look like? They vary the use of text, images, videos, and audio, provide effective assessments to reinforce learning objectives, and they offer differentiated instruction based on the learner.
The learning tool we promote here at MFGS, Inc. is our Adoption Readiness Tool (ART).
The expert-built simulation-based ART courses are easily customized via its powerful single source authoring tool, allowing customer experts to add relevant policies, simply record on-screen activity, and then publish to be accessed by users anytime, anywhere. With ART, users achieve competence considerably faster and make use of more application features, which heightens user productivity, improves end-user satisfaction, and helps maximize organizations’ return on investment (ROI).
Through this industry-leading eLearning tool, learners spend 50% less time in training yet experience greater retention of the topics. The result is improved effectiveness and productivity, reduced costs in both training time and remediation of cyberattacks, and overall reduction of risk.
What kind of training do you provide to your teams? Are you reusing that annual email or creating a well-defined plan for success? With the stakes continually increasing, use this Cybersecurity Awareness Month to evaluate and implement a plan that focuses more on that ounce of prevention so you can avoid the expensive, disruptive pound of cure.
Chief Technology Officer