Be Aware: 8 Tips for Security Awareness Training

Hint: One giant security training session to rule them all is not the way to go.
Throwing money at a security problem does not always improve security. Taking money away from an awareness project does not a
Repeating and reinforcing the message is Security Awareness 101 -- but you can't maintain users' attention if you truck out t
Users are more engaged in security awareness training when you use gamification and competition, says Melancon. "Nobody wants
Careful with those mock attacks, though. "Communicate [your plans] in advance," said Amy Baker, vice-president of marketing f
Anyone who's ever run a business continuity plan, a fire drill, or a sports team will agree with Melancon's next advice. "Reh
Don't overload users with rules for every possible eventuality. Try to find out which security policies and controls users ar
Instead of creating one perfect security awareness lesson that will turn every user in the organization into a true believer,
Even the most charismatic IT security person has trouble getting users to take their advice seriously. Naheed Bleecker, senio

It's every security professional's nightmare. All your best security measures: rendered useless by one great social engineering attack, one lost smartphone, or one weak password.

If only your users understood that security is everyone's job. If only they took your friendly reminders, heartfelt pleas, angry threats, and authoritative demands seriously. If only they weren't so stupid.

Maybe the problem isn't just your users -- it's your lousy security awareness program.

Awareness may be even more difficult than the most complex security architecture rip-and-replace. It's hard.

During the "Securing the Human" panel discussion at the Cyber Security Summit in New York earlier this month, experts shared some tips on how to make security awareness easier and more effective.

Image: "Anna Held's Eyes," Library of Congress via plaisanter~.
