5 Keys to Effective Cyber Security Awareness Training

  • December 8, 2015

Last month, researchers at CompTIA, the non-profit IT trade association, released the results of an experiment. They left 200 unbranded USB flash drives in high-traffic, public locations in Chicago, Cleveland, San Francisco and Washington, D.C. In about one in five instances, passersby picked up and plugged those flash drives into a device. Next, those users engaged in several potentially risky behaviors: opening text files, clicking on unfamiliar web links or sending messages to a listed email address.

CompTIA’s experiment, conducted as a complement to its annual survey and corresponding white paper, “Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace,” illustrated a nagging trend: People remain a company’s biggest risk to secure computing.

“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” said Todd Thibodeaux, president and CEO, CompTIA, in a news release.

Yet, according to CompTIA’s companion survey of 1200 U.S. workers, 45% say they don’t receive any form of cybersecurity training on the job. And when companies do provide training, 15 percent of them still rely on paper-based manuals.

“We can’t expect employees to act securely without providing them with the knowledge and resources to do so,” Thibodeaux commented in the release. “Employees are the first line of defense, so it’s imperative that organizations make it a priority to train all employees on cybersecurity best practices.”

Increasing training may be especially important as GenY becomes a larger contingent in the workplace. Data from the Bureau of Labor Statistics indicates GenY – also known as Millennials – will make up nearly half the nation’s workforce by the end of the decade.

And this trend may heighten cyber security risks. Through their experiment, CompTIA researchers discovered 40% of Millennials are likely to pick up a USB stick found in public, compared to 22% of Gen X and 9% of Baby Boomers.

So, when your company resolves to boost its cybersecurity awareness training, how can you be sure to do it right? CIO Magazine asked a group of tech executives for their advice. Here’s a digest of what they offered:

  • Involve Everyone at All Levels – No level of an organization should be exempt from cybersecurity training, especially the firm’s leadership. In fact, having top management participate in programs demonstrates the importance of the issue.
  • Design Interactive Programs – Handing out manuals or distributing slideshows alone won’t make much impact or send the right message about the urgency of the issue. Engage staff by working with them one-on-one whenever possible and conducting a lot of Q&A.
  • Require Commitment, Enforce Accountability – Equip staff with tools and clear instructions, and then solicit formal commitment to using those measures. To thwart complacency, there should be some form of concrete accountability if individual or organizational adherence to policy grows lax.
  • Eliminate Ambiguity – Identify specific actions that pose risks, such as using random flash drives, and provide precise instructions for avoiding those dangers. Communicate this information to the company on a regular basis. Cyber crooks work fast to develop new attacks; you should work fast to keep pace.
  • Make Training Continual and Vary Techniques – Like any set of good habits, best practices in individual cybersecurity need repetition and reinforcement to take root. Stage training sessions more than once a year, and conduct other activities in the interim, such as newsletters, alerts, security checks, etc.


ITinflections is a blog that covers a wide range of technology-based articles on IT in the workplace, focusing on small- to medium-sized businesses.

If you’re looking to improve your company’s productivity through the effective use of technology, enjoy ITinflections, the blog about technology for business.