TOP TRAINING COMPANY BEST PRACTICES

With the recent Ransomware cyber attack, thought to be one of the biggest in history, many organizations have been scrambling to update their internal security measures. “Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents.”¹

The cyber attack also raises questions:

• How well trained are your employees to deal with a cyber attack?
• When was the last time your cybersecurity training program was updated and delivered?
• What measures are in place to ensure cybersecurity remains top of mind for employees?

For the past 10 years, Cisco has been publishing an Annual Cybersecurity Report (ACR). To compile the 2017 report, almost 3,000 chief security officers and security operations leaders from 13 countries were surveyed.

According to the 2017 report, “…over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent. Ninety percent of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).”²

For many organizations, employee cybersecurity training is delivered once as part of the on-boarding process and not revisited again…until there is an incident. To ensure your company is protected, security needs to be part of every employees' daily job.

Develop clear cybersecurity policies

StaySafeOnline.org offers these tips to help create a security culture in your company.

• Keep a clean machine: Develop clear rules about what programs employees can install and keep on their computers. Make sure they understand and follow these rules.
  
  
• Create strong passwords: Encourage employees to create passwords using a mix of upper and lower case letters, numbers and symbols. Send regular reminders for employees to change their passwords. 
  
  
• Delete suspicious messages: Be aware of suspicious links in emails, tweets and messages, or attachments in emails and don’t click on them or open them.
  
  
• Develop reporting policies: Put in place policies for employees to follow if they receive a suspicious message or are concerned about security. Make it clear who they should contact, whether IT or the security team.

Review and update your training program

A takeaway from the Cisco Report is that businesses need to “Make security a business priority. Executive leaders must own and evangelize security and fund it as a priority.”⁴

If you haven’t done so recently, now would be a good time to review, update and schedule your cybersecurity training program. To address this issue in a timely manner, you may want to consider hiring a contract Instructional Designer with cybersecurity experience.

An Instructional Designer can work independently or with your learning and development team to review the current state of your training program, interview subject matter experts to find out the changes that need to be made, and prepare the program for delivery.

At TrainingFolks, we have a broad range of experience in Compliance and Risk Training. With access to a global network of Instructional Designers, we can recommend a professional to work on your project – contact us today.

When considering a contract Instructional Designer, be sure to download the “Instructional Designer Interview Rating Scale” to use during the interview and help you make the right choice.

References

1 http://www.nbc-2.com/story/35421463/worldwide-cyberattack-forces-microsoft-to-offer-free-tech-fix  

2, 4 https://newsroom.cisco.com/press-release-content?articleId=1818259