Heads Up! Train Everyone on Cybersecurity

Daily cyber threats are an ongoing problem for organizations. They disrupt operations, tarnish reputations, and cost companies millions of dollars. Today’s General Counsel published a post on the “what” and “how” of cybersecurity training.  Here are the “why’s” and “when’s,” as highlighted by Matthew George in a recent Training Industry Magazine article.

• Train everyone at least twice a year. Train your cybersecurity team, executives, and all other employees. Be aware that training requirements may vary based on roles and levels of responsibility. Employees who work in legal and compliance, for example, will need to know about incident response protocols and the process for notifying clients after a breach.
• Ensure retention. The SANS Institute 2022 Security Awareness Report recommends that organizations communicate to, interact with, and/or train their workforce at least once a month. Make sure the training program is up-to-date with the latest recommendations for responding to suspicious activities.
• Continually test employees. The training should provide examples of situations in which employees need to make decisions about the action that should be taken. Also, your cybersecurity team should periodically conduct phishing tests to see which employees respond.
• Teach executives about fines, penalties, and regulations. The Payment Card Industry Data Security Standard (PCI DSS) fines vary from $5,000 to $100,000 a month for non-compliance. If you want to do business with state or federal agencies, you may need to show that all your employees must undergo annual cybersecurity compliance training.

Ensuring everyone takes cybersecurity awareness seriously can enhance an organization’s overall security posture and create a resilient defense against evolving cyber threats.