What cybersecurity awareness techniques have you found most effective?

Field Chief Information Security Officer (CISO) for Public Sector & Client Advisor in Finance (non-banking), 2 years ago

1) Do year-round training - not one and done annually. 
2) Keep content brief, frequent and focused.
3) Teach people things they do not already know. (Note: some repetition is fine, but don't make it constantly like TV reruns that they've seen 5-7+ times.)
4) Make it interactive and fun. (Videos alone are not interactive.) 
5) Gamify the content if possible. 
6) Mix in multiple modes of delivery. (including in-person events, newsletters, brief modules, emails, quick tips, +++) 
7) Change it up.  Don't have the same program every year - boring. 
8) Get feedback. Talk to staff and management about what's missing.
9) Talk to industry vertical peers about their experiences and programs. 
10) Know your audience and tailor to their needs (adding current incident events that are relevant and impactful.)   

Director of IT in Software, 3 years ago

Implement a comprehensive security policy. Establish a comprehensive security policy that outlines the company’s expectations for security practices, including user access and authorization, password strength, data encryption and storage, and other best practices.

Director of IT in Software, 3 years ago

We have done a series of things.  What was most effective was using KnowBe4 for training and assessments.  This helped to put my users on alert about cybersecurity.  It also helps to do phishing tests a few times a year to make sure everyone is staying alert.  We look at the types of spam emails that come through and set up our phishing tests based on those emails.   

Founder & CISO in Education, 3 years ago

We’ve seen both the participation and the learning improve when we’ve run gamified sessions and exercises related to security for both general compliance hygiene and dev security. Another thing is to make sure the learning is followed by a re-learning after regular intervals.

VP of IT in Banking, 3 years ago

1. Conduct cyber security awareness weeks and mandatory training for the staff. Distribute easy-to-use checklists (printed/digital) that eliminate the need to remember what to do in case of an emergency or avoid the attack itself.
2. Simulate social engineering/phishing tests for the staff and recommend training for those who failed.

What cybersecurity awareness techniques have you found most effective? | Gartner Peer Community