No matter how rigorous an organization's technical security, human error continues to confound these efforts. Firewalls, intrusion detection software, and other sophisticated tools are a waste of time and money when employees ignore security protocols. Unfortunately, sending out directives from the IT department won’t do anything to solve the problem; building a culture of security takes time and effort. First, it’s important to consider frequency. Deeply ingrained behaviors won’t be changed by a single training session; an ongoing conversation with employees is needed to replace bad habits with better ones. Employees have short memories, and repetition is needed to hammer the importance of good cybersecurity practices home. A well-designed cybersecurity campaign also cannot simply be a dry set of rules, divorced from an employee’s day-to-day job. If done correctly, employees will understand how cybersecurity practices fit into their work flows, and come away understanding how their behaviors can affect the organization overall.
Cybersecurity Training Must Be Holistic, Repetitive