Putting Humans@Center in your cybersecurity strategy
Every human has good and bad days and, sometimes, we forget about security. Whether it is due to social norms (holding the door for someone right after you) or laziness of performing a tedious verification (clicking on a phishing e-mail which looks legitimate), we can all, from time to time, adopt the wrong behaviors
A cybersecurity culture and awareness program can protect you against these risks. A successful awareness leader has a program with clearly defined objectives. The program should be tailored to the organization’s threat landscape starting from an adversary point of view.
It is important to realize that culture change is not a one-shot effort. Continuous reinforcement using different communication channels and platforms is important and should be tailored to the target audience and organization. Communication is about tailoring your message and repeating it.
Moreover, trainings will be more efficient if they are fun and include a rewarding mechanism. Find what works the best with your audience by collecting regular feedback and involving the workforce into the design of the program.
Measuring the success of behavioral change through compelling metrics would not only allow to assess the effectiveness of your efforts and prioritize future awareness actions, but would help to convince the board to ultimately unlock the much-needed awareness budget.
Obviously, the awareness program should be as attractive and accurate as possible. But don’t think too big, the awareness program should match the organization’s culture, budget and resources. Also, don’t be impatient and keep in mind that this process can take several years.