Do you focus all of your security awareness training on new hires? Companies that don't offer training to new hires report annual average losses of $683,000, compared to only $162,000 for companies that do. That is the sort of compelling financial incentive that can cause a company to focus all of its efforts in that direction. However, that can be a big mistake. Security awareness is best when it takes a multifold approach. Here are three approaches that can help you reach all your employees, not just the new hires.
Phishing simulation helps people anticipate ways that someone can breach your security simply by relying on human nature. It essentially teaches employees not to respond to attempts to get their password or other critical information out of them. However, you need more extensive training than simply telling people not to click on suspicious links. They need to know not to surrender their passwords or follow instructions when asked by the "IT guy" who is calling on the phone, and they need computer-based simulations that will help them really process what they're being taught through interactive lessons.
Unless you are spreading security awareness through multiple messages in multiple formats, you probably aren't getting the message across at all. Unless all of your employees are roughly the same age, there are differences in the way that they're used to seeing and processing news and information. Newsletters may work best for your older employees, while others will respond better to messages on the company's blog or through their email. Posters can spread awareness (and consciousness) of corporate security measures just by being in the background by the copier, in the break room, and by the door.
If you have a regular IT department or IT personnel, do all of your employees know who they are? Many IT departments are separated from the rest of the corporate employees because their jobs are so different. That means that your regular employees may not recognize the faces or voices of the people they can rely on for support. If you use an outside company for support, do all of your employees know the name of that company? Do they know what ID to look for when someone comes to work on their computer? Regularly host events that encourage the IT staff to interact with the regular staff so that all of your employees in the different departments can recognize each other.
Security awareness training can't be limited to just new hires if you want it to be effective. For more information on how you can integrate security awareness training into your corporate culture, call a security consultant, such as CFISA.