Be Aware: 8 Tips for Security Awareness Training
Hint: One giant security training session to rule them all is not the way to go.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt53fddf0bdb34f07f/64f0dc6b62fadcc39c497cc5/moneycrop.jpg?width=700&auto=webp&quality=80&disable=upscale)
Throwing money at a security problem does not always improve security. Taking money away from an awareness project does not always improve return on investment. So, the panelists advise, do not let the almighty dollar run your awareness program.
Although awareness may give you a better dollar-for-dollar ROI than any other security measure, as Baker suggested, Melancon cautioned, "Don't see spending as a key metric of effectiveness."
Michael Crouse, director of insider threat strategies for Raytheon Cyber Products, added that when it comes to getting management buy-in for security awareness, remember that "buy-in" does not necessarily mean "budget."
Easier said than done? Have other awareness tips and tricks that have done wonders for your organization? Let us know in the comments below.
It's every security professional's nightmare. All your best security measures: rendered useless by one great social engineering attack, one lost smartphone, or one weak password.
If only your users understood that security is everyone's job. If only they took your friendly reminders, heartfelt pleas, angry threats, and authoritative demands seriously. If only they weren't so stupid.
Maybe the problem isn't just your users -- it's your lousy security awareness program.
Awareness may be even more difficult than the most complex security architecture rip-and-replace. It's hard.
During the "Securing the Human" panel discussion at the Cyber Security Summit in New York earlier this month, experts shared some tips on how to make security awareness easier and more effective.
Image: "Anna Held's Eyes," Library of Congress via plaisanter~.