Cybersecurity training is not for the faint of heart (or the unprepared). As the IT director of your firm, you’re looking to not only run a cybersecurity training session, but to make sure that session is successful. Now that you’ve completed your preparations and planning, it’s time to execute.
Successfully executing a cybersecurity training session means that your peers will have a better understanding of how to handle future threats and protect their data, which means you’ll also be improving the long-term health and efficacy of your firm. Making sure your cybersecurity training goes off without a hitch can be boiled down into five steps. We’ve broken down each of those steps in order to help you better achieve your cybersecurity objectives and to set you on the right course.
Open your training by stressing that, above all else, cybersecurity is a business risk. The safety and security of the information you’re dealing with drives client trust and, as a result, client satisfaction and retention. Without specific policies and security measures in place, this sense of trust is diminished. Getting everyone to agree on this point will help open up the meeting on a unified note.
Present the agenda and begin to review and discuss the policies within it
Continuously scan the room to gauge body language and facial expressions in order to identify specific points that may require additional detail or discussion. Reference the terminology handout you’ve prepared throughout the training, and ask attendees to review this handout following the meeting as well.
Training Tip: Explain the security threats using examples they can relate to. For example, a flash drive contaminated with malware can, when plugged into your personal computer, unleash a virus that damages files and more.
Present your case studies and examples
Be sure to work the case study from start to finish, so that you paint a picture that is complete and easy-to-follow. Unless previously discussed with the individual who submitted the case study, illustrate the examples anonymously to prevent putting anyone on the spot.
Set aside time to role play
Once you’ve reviewed the case studies, break into small groups and present them each with potential scenarios, asking them to consider the scenario and present solutions.
Some ideas for scenarios you can present include an example of:
- Malware as a popup on an employee’s internet browser
- A phishing email that appears to come from someone within the organization, with a link to download a file or a link to a legitimate-looking website that asks for login credentials to access information
- An SQL vulnerability on the company site, such as one stemming from outdated plugins, that would enable an SQL attack
- A cross-site scripting attack from a malicious link in a comment on a blog
This type of training will allow individuals to fully immerse themselves in various situations and critically think through the best approach to take. The small group setting will encourage discussion and the evaluation of multiple solutions.
Ask each group to follow the steps below, and emphasize that this approach applies outside of the training session as well.
- Review the scenario
- Assess the situation
- Detect if there are any threats present
- Decide upon your response
- Determine how to best defend from these attacks in the future
Wrap it and recap it
Wrap up the training with a recap of key takeaways, and if you choose, reward the sharing of takeaways and correct answers with mini treats such as movie tickets, candy, Starbucks cards, etc.
At Trumpet, we take cybersecurity, and subsequently cybersecurity training, very seriously. We also want to spread the wealth and help ensure you’re on the right track to have your most effective cybersecurity training session ever. For that reason, we created the Cybersecurity Checklist. This is an in-depth, comprehensive ebook that will guide you from the planning stages of your training session to beyond.