Mike Hendrickson is VP, IT Cert & Dev Products at Skillsoft. Prior to Skillsoft, Mike spent 15 years at O’Reilly Media, Inc. where he most recently was the VP of content strategy. Mike is a technology strategist with extensive experience establishing, building and maximizing relationships with industry leaders, companies, and partners. Throughout his career, Mike has demonstrated success leading, directing and managing the development, sales and delivery of thought-provoking content.
The importance of privacy and safety cannot be overstated in this digital age. So much of our business infrastructure relies upon digital technology. This makes the technology, and the data it contains, a constant target for hackers and other malicious actors. As a result, robust cybersecurity training is imperative for businesses that want to keep their insights, data, intellectual property, and additional proprietary information safe and secure.
For many, one of the answers to the problem has been cybersecurity awareness programs. The traditional approach is a mandated one-off training session where employees read information and answer questions. But given the growing cost of data breaches and cybercrime, IT and security experts are coming to the realization that they must refine how they train their workforce to effectively combat threats.
So, how can organisations encourage learning about cybersecurity to protect our assets more effectively?
- Introduce regular, individualised training
Training equips employees with the tools they need to be more thoughtful about cybersecurity. It boosts morale and leads to high-quality outcomes and quicker incident resolutions. However, employees’ existing workload can often act as an obstacle. If you have a lot on your plate, engaging in security training can be a big ask.
Nevertheless, training is vital to defending against phishing attacks, intrusions, and malicious threats, so managers must ensure adequate time to complete training in full. Security managers need to reinforce the value of training via multiple routes. If employees prefer books, on-demand training, or instructor-led courses, it’s crucial to provide them with the vehicle that best suits their preferences.
- Incorporate blended, continuous learning into daily work
It is essential to see cybersecurity training not just as a one-off quarterly session, bolted to the employees’ real work. Instead, it should also be incorporated into day-to-day activities, so there is always a strong engagement with security priorities. This can be done simply by having clear, regularly communicated updates around threats and best practices. Engaging a dedicated cybersecurity team with visibility across the organisation — and direct feedback into training — is the best way to ensure that the workforce is fully aware of its responsibilities.
- Ensure your training reflects past trends
Explore your attack vulnerabilities regularly. The only way to successfully defend against threats is to be aware of all possible entry points and how every aspect of your organisation is affected by them. By making that information widely available at regular intervals, you can map previous trends to fine-tune your training. Creating updated contingency plans and protocols, conducting game-day scenarios, refreshing documentation and making it accessible will help ensure you minimise the impact of attacks when they inevitably occur.
By sharing trends, strategies, and new developments as they happen, you’re giving the workforce insight into how you’re keeping them safe. Education and communication help create a cyber-aware community where we all look out for each other.
- Keep your training up to date
It is critical to ensure your training content and methodologies are continually refreshed. Skillsoft has developed Skillsoft Career Journeys, which delivers customised, immersive learning experiences for the most sought-after career and technology areas. These career-centric learning programs enable employees to develop and master mission-critical cybersecurity competencies at scale.
The Cybersecurity Career Journey combines learning science with expert content to increase knowledge retention and on-the-job application of new skills. It is a prescriptive path to certification and skill development built on a trusted foundation. The 12-month program delivers all the training your security professionals will need to develop advanced cybersecurity competencies, including on-demand videos, instructor-led training, books, test preparation, hands-on practice labs and mentoring.
- Ensure data security, privacy, and compliance
Organisations should establish a broad data privacy strategy, including high information governance standards that meet or exceed regulations. Creating such a culture of compliance around cybersecurity will not only avoid the risk of regulatory sanctions, costly reparations and incalculable reputational damage but also reap a competitive advantage in consumer trust.
Data security is not simply an IT responsibility. In fact, among the most significant risks to privacy and information security are employee actions. Well-meaning but poorly trained employees can cause a breach by falling for a phishing scam, inadvertently downloading malware, or clicking on a malicious link. Therefore, any training should encompass both broad data privacy concepts as well as specific requirements and cyber threats.
These are just five ways to improve your cybersecurity landscape quickly. There are many others, most of which will be unique to your business and working practices. Remember, a solid cybersecurity culture thrives when employees are continuously educated and enabled. Getting them enthusiastic about their personal cyber safety will help them understand why they should be vigilant regarding their employers’ security. When staff know what to look for and clearly understand what their security teams do, they can better protect themselves and the organisation’s data.