Is Security Awareness Training getting outdated?

Posted by Ragnar Sigurdsson


You are responsible for security awareness training, but you are not a teacher. Am I right?

So why are you responsible for training, when it is your responsibility to protect the company's data?

The truth is, hackers, like most people, tend to choose the path of least resistance when they compromise the security of organisations.
This path is very often through people, and cyber security threats are exploited through human behaviour. It is usually the uninformed employees that lead to the breaches.
Unfortunately human behaviour is predictable and we are thus vulnerable to attacks.
The good news is that through training and awareness the risk from these threats can be reduced.
Back to the training part. What you need to understand is that some of your employees are lazy.
They might recognize that security awareness training is essential, but they want it to be over as fast as possible.
Employees don't want to struggle to read and digest boring security awareness text. They want to be able to understand it quickly and efficiently and continue with their day-to-day job.
Just because they want to absorb this content quickly doesn't mean quick training programs are ineffective.
A video, however, is a tool that can take your security training from boring to exciting.
30 seconds of video is capable of conveying much more information than any text.
Videos have been used for marketing purposes for some time now. According to HubSpot, video is here to stay [1]. YouTube is also the world's second largest search engine, which supports that.
According to an  report from HubSpot Research, 54% of consumers want to see videos from brands they support. [1]
So it's strange, then, that some people don't understand how useful it is to include videos in their training program.

Topics: security awareness, dpo, data protection officer, GDPR, awareness training, video training

The 2018 Security Awareness checklist

Posted by Ragnar Sigurdsson

Security awareness training is essential for companies, but it can be a daunting task. This year the new General Data Protection Regulation (GDPR) will take effect in Europe. Compliance is necessary for all companies, and this new regulation will make it mandatory for many companies to assign a dedicated Data Protection Officer (DPO) to handle their data security affairs.

Numerous new DPOs will be starting their new jobs each month, and one of the DPO's main tasks is to handle security awareness training at their company. We know this can be overwhelming when you are starting, and it is hard to know where to begin. So we created a simple checklist for DPOs to help them get started and make this process at least a little bit easier.

Currently our list contains 24 subjects that every DPO needs to be aware of, but we will be updating this list on a regular basis.   

If you feel that anything is missing, we would appreciate hearing from you at 

Download DPO checklist - Security awareness

Topics: security awareness, dpo, checklist

Awareness raising made simple for the DPO

Posted by Ragnar Sigurdsson

OK, so now you are the Data Protection Officer. One of your primary duties is awareness raising and training of staff involved in processing operations. A simple task, right?


Topics: security awareness, dpo, data protection officer, tasks, GDPR, cyber security