When many consider “information security,” they think of infrastructure or protecting the network. But what many folks outside of IT fail to consider is how they, themselves, actually impact the information security of their organization. Data breaches often begin with human error, and network security at a physical level is just as important as the firewall: unlocked doors, clicking on a suspicious email, not logging out of your laptop—these things all add up to what could potentially be major security issues. Add mobile device management policies and a varied technical skillset among your workers and, well, you can have quite the knowledge gap.
Having an Information Security, or “InfoSec” policy established in your employee manual is a solid first step to increasing employee awareness of their role in IT. No doubt, IT will always be under pressure and when there are technical issues they are usually quite visual (everyone sees when the network is down or when there is slow connectivity, for example). However, starting off with an InfoSec policy is a good way to establish a community of responsibility at your company. Following are some best practices for performing information security awareness training.
Best practices for Information Security training
Hone in on your takeaway
Realize that you won’t be able to explain everything in one day. What is your key takeaway, after you boil everything down? Decide on the one thing you want to be sure to communicate. Start there in your education process.
Understand your audience
Next, consider your audience. How comfortable are they with technology? What industry do you work in? If you’re a startup in a highly technical environment with most workers 35 and younger, then you will likely be communicating to them in a drastically different way than if you work in a more conservative industry—say, financial services—and if the organization as a whole is less mobile or less progressive.
Evaluate how your audience is impacted by information security every day. What are some of their most common and basic needs? How can you relay the importance of security to them in a way they will appreciate and grasp its core concepts?
Create your information security training
Create a training plan, suited to your audience’s needs. Leverage many different formats if possible to keep the material interesting and to take into account that everyone learns differently. Then, create a template for your materials. Saving what you create via a template will save you hours of work in the future, and will make it a cinch to update as needed.
It’s a good idea to plan for quarterly updates, and to update more frequently for major changes or urgent situations. Ask your audience how they prefer to receive updates—email, a quick meeting, video?
Help employees become more resourceful
Information security is always running smoothly—until it’s not. It’s a common situation: an employee has a question or something occurs on their computer and they panic. Reducing your flood of incoming calls for minor issues is an enormous benefit of basic InfoSec training.
While you can’t expect your company employees to know all that you do, you can arm them with as much information as you can to help them make good decisions and figure out basic challenges on their own. An intranet database of materials is a good start, or simply shared files in a network folder. Some companies even leverage social media to filter non-urgent questions and to educate their workforce.
The dual benefits of information security training
While information security awareness training is a vital component to adding an additional layer of education and protection around your network, it’s also an effective method of reducing the countless hours spent focused on basic IT challenges. Educating your fellow employees creates efficiencies across the board and a more informed, unified organization.
Here at Twinstate, we have IT experts to help you fill in the gaps when it comes to IT services and cybersecurity–like password protection.
Read more about cyber awareness training: