Is Security Awareness Training getting outdated?

Posted by Ragnar Sigurdsson

 

You are responsible for security awareness training, but you are not a teacher. Am I right?

So why are you responsible for training, when it is your responsibility to protect the company's data?

The truth is, hackers, like most people, tend to choose the path of least resistance when they compromise the security of organisations.
 
This path is very often through people, and cyber security threats are exploited through human behaviour. It is usually the uninformed employees that lead to the breaches.
 
Unfortunately human behaviour is predictable and we are thus vulnerable to attacks.
 
The good news is that through training and awareness the risk from these threats can be reduced.
 
Back to the training part. What you need to understand is that some of your employees are lazy.
 
They might recognize that security awareness training is essential, but they want it to be over as fast as possible.
 
Employees don't want to struggle to read and digest boring security awareness text. They want to be able to understand it quickly and efficiently and continue with their day-to-day job.
 
Just because they want to absorb this content quickly doesn't mean quick training programs are ineffective.
 
A video, however, is a tool that can take your security training from boring to exciting.
 
30 seconds of video is capable of conveying much more information than any text.
 
Videos have been used for marketing purposes for some time now. According to HubSpot, video is here to stay [1]. YouTube is also the world's second largest search engine, which supports that.
 
According to an  report from HubSpot Research, 54% of consumers want to see videos from brands they support. [1]
 
 
So it's strange, then, that some people don't understand how useful it is to include videos in their training program.
Read More

Topics: GDPR, security awareness, data protection officer, dpo, video training, awareness training

Awareness raising made simple for the DPO

Posted by Ragnar Sigurdsson

Ok, so now you are the Data Protection Officer.  One of your primary duties is awareness raising and training of staff involved in processing operations, a simple task, right?

Read More

Topics: security awareness, dpo, data protection officer, tasks, GDPR, cyber security