My work as director of the Security Awareness Training program at the SANS Institute affords me a view across hundreds of organizations and hundreds of thousands of employees trying to build a more secure workforce and society. As we near the end of this year’s National Cyber Security Awareness Month, here are two tips to incorporate robust security awareness training into your organization and daily work.
1. Focus the Training
Changing behavior is hard. But security awareness training shouldn’t be. Most training is just too hard for many users. “Too hard” has many definitions: Too long. Too much. Too often. Too boring. Too many behaviors. In general, many organizations make the mistake called cognitive overload, which is when you dump so much on employees that they simply forget it all. Sound familiar? There is a better way. Keep the training short and sweet and focused on what will really mitigate your risks. Avoid cognitive overload by taking the time up front to ensure engagement and relevance.
Read more at Dark Reading