Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

11:15 AM
Joan Goodchild
Joan Goodchild
Edge Features

10 Security Awareness Training Mistakes to Avoid

Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.


Don't Forget to Follow Up 

So what did employees think of the training? If you don't ask, you're missing an important part of awareness.

"Not getting feedback is a big 'don't' for security awareness training," says Nick Santora CEO of Curricula, a security awareness training firm. "You need to get buy-in from your employees and feedback from them on what they're learning and what they're missing because that will shine the light on potential vulnerabilities leading to a breach."

You should also be regularly engaging with employees about how they feel about reporting incidents.

"In every training, you tell users to whom they should report incidents," YL Ventures' Ellis says. "That part of your security team is probably the lowest-paid part; they might respond with a form letter that includes suggestions on being more aware. And then, of course, nothing further happens. The user who reported it learns that a few hours after the report, a fellow user did fall for the same social engineering attack and wonders why they'd bothered reporting it, since apparently it didn't help."

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio
5 of 12

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cartoon Caption Winner: Magic May
Flash Poll