You may have been thinking recently that your company needs to implement security awareness training. Maybe you’ve experienced a scare where a few employees accidentally clicked on a phishing link in their Facebook inbox. You decide that this behavior is risky not only for the person but also for the organization.
How do you get started building security awareness training for your organization?
1. Recruit A Champion
A champion will sponsor the initiative at the highest levels within the company. This person has direct lines of communication with the CEO or other key stakeholders.
You may be the champion, or you may persuade someone with more clout to support the project.
2. Get Buy-In
Getting buy-in is the next logical step. Otherwise, why develop a project that isn’t supported?
The champion is largely responsible for getting leaders to agree to commit to this project.
However, this process can be difficult.
“Our research has shown that 70% of all organizational change efforts fail, and one reason for this is executives simply don’t get enough buy-in, from enough people, for their initiatives and ideas,” says Dr. John Kotter in an interview with HR Bartender.
Kotter offers some tips for success.
- Be prepared. Practice bolstering your case with trusted colleagues.
- Use more than data, logic, and reasoning. It is hard to hold others’ attention with numbers alone.
- Involve emotions. They are “essential to changing behavior.”
3. Define Success
Now that your security awareness effort has been greenlit, it’s time to define success.
- Who do you want to train?
- When do you want to train them?
- How long will the training take?
- What type of content needs to be developed?
- Do you have the right expertise, or do you need to consult a subject matter expert?
All of these questions and more are likely to pop up.
We love eLearning Industry’s suggested metrics to help you define success.
- Engagement - Consult metrics gleaned from your training platform of choice.
- Learner Knowledge - Use assessments, surveys, and the like to see what learners are retaining.
- Business Objectives - Use before-and-after metrics to assess how the security awareness training has impacted the business.
4. Create An Outline
In the outline, you’ll begin to plan how you’ll develop the training program.
- List security skills employees should have upon completion.
- Identify any needed software or devices.
- Create a list of topics to be covered.
- Evaluate options for content delivery.
- Identify resources for employees following training.
5. Decide Whether To Stay In House Or Go Outside
Depending on its overall size and available resources, a company may elect to develop the training internally, or it may seek outside help.
When assessing potential vendors, keep these factors in mind.
- Pricing - It is a crucial factor, but it should not be the only one.
- Reliability - Dependable vendors often form long-term partnerships that are mutually beneficial.
- Stability - Those long-term partners must be stable businesses, meaning they expect to be serving clients and customers for the foreseeable future.
- Location - A key factor we hear from our customers is our location in central Illinois.
- Competencies - With your outline, you can determine whether a vendor has the competencies in the areas you’re looking for.
Keep these five tips in mind as you start your company’s security awareness training.