It’s the most wonderful time of the year – if you’re a prankster at heart. That’s right, it’s April Fool’s Day. What devious plans do you have for friends, family and coworkers? While you may have just the right trick that will make you laugh (along with the victim, hopefully), there are malicious cybercriminals out there who have nefarious plans for your company.
Unfortunately, keeping up on the latest security needs can be a challenge for enterprise training leaders, chief information security officers (CISOs) and chief learning officers. While 96 percent of professionals surveyed by ESG and ISSA agree that up-to-date training is vital, none of the top ten computer science programs in the U.S. require a cybersecurity course. However, with the right on-the-job training strategy, security and training leaders can turn the tables in a constant arms race between businesses and attackers.
So, why not give the biggest fools of cybersecurity a taste of their own medicine? Here’s how corporate cybersecurity training strategies should mirror the way you prepare for an April Fool’s Day prank.
Get your game on
When you were younger, you may have talked a big game, but how many of us actually followed through on that prank we had planned? Maybe we didn’t think it through all the way or thought it wouldn’t work. After all, if you want to fool someone, you’ve got to commit to it. The same applies to your security training. It won’t happen organically; it requires planning and preparation on your part, beginning at the top. According to the ESG/ISSA study, nearly two-thirds of organizations aren’t providing sufficient training to keep up with security challenges.
This statistic alone should inspire CISOs and training leaders to step up their game.
To get started turning the tables on would-be attackers, consider where your areas of greatest weakness are. It’s probably employees rather than your tech itself; 91 percent of cyber attacks originate with a spear phishing email. That’s why training IT staff – and non-technical employees – is the low-hanging fruit of security improvements.
Choose your ground
Once you’ve committed to your trick, you’ve got to get the logistics right. Do you prank someone at home, at the office, or somewhere else? Do you need some help, or supplies? You can’t do the old bucket of water on the head prank without the bucket.
Corporate security training programs need to be set up the right way. Are employees distributed in different offices throughout the world? Then in-person training likely won’t work.
Virtual IT training labs deliver the same benefits as sitting in a room together, plus a few extra. Employees can access the training from anywhere with an internet connection – a valuable feature for today’s global enterprises. The virtual lab recreates the learner’s working environment and mimics real-life scenarios for maximum impact. Take a lesson from Linda Dougary, lead learning consultant at NASDAQ BWise. According to Dougary, virtual IT training labs “helped us reduce the time and costs of formal training, while better supporting learners (software users) in their moment of need.”
CloudShare research has shown that two-thirds of employees found virtual training helps them achieve their goals faster and positively impacts their performance. One of the most important benefits is the self-paced nature of the training, which was rated as effective by 91 percent of those surveyed.
The best part of any prank, of course, is seeing the reaction of the victim (remember Ashton Kutcher’s Punk’d?). It’s priceless. And while you can’t see the frustration on a cybercriminal’s face when they find that you’re one step ahead of them, you can enjoy the fruits of your training efforts in your company.
Gartner’s “Three Critical Factors in Building a Comprehensive Security Awareness Program” said, “By 2020, organizations that use a multi-pronged approach to security awareness will experience a 40 percent increase in overall employee security competency compared to their position in 2017.”
The benefits extend beyond security as well.
The prank that keeps on giving
Just as you want to pull the prank everyone talks about for years to come, you want your training strategy to be the one everyone can’t get enough of.
One of the most important advantages of good IT security training is that employees are more engaged. A study conducted by Middlesex University revealed that exposure to more training leads to happier employees. Further, Good & Co found employees who are happy are 31 percent more productive and drive 37 percent higher sales.
Virtual IT training engages the learner, but the added benefit is how much data it provides. By tracking user interactions, your training department can use the information for assessment and improvement. This is particularly important when you consider that only 8 percent of companies actively assess the effectiveness of their training. Like any other department, your corporate training team benefits from consistent improvement, which can contribute to ongoing security readiness.
As notable training influencer Ken Taylor, president of Training Industry, said, “As a tech training leader, your priority for 2019 should be to focus on the learner experience.”
Today, the average financial toll of a breach to an organization is $3.86 million. With those stakes, you’d have to be a fool to ignore the importance of security training.
Want to prepare your team to take on the cybercriminals and be a fool-er rather than a fool-ee? Check out our e-book, “Under Attack! How Chief Information Security Officers Should Respond to the Cybersecurity Crisis.”