You may have been thinking recently that your company needs to implement security awareness training. Maybe you’ve experienced a scare where a few employees accidentally clicked on a phishing link in their Facebook inbox. You decide that this behavior is risky not only for the person but also for the organization.
How do you get started building security awareness training for your organization?
1. Recruit A Champion
A champion will sponsor the initiative at the highest levels within the company. This person has direct lines of communication with the CEO or other key stakeholders.
You may be the champion, or you may persuade someone with more clout to support the project.
2. Get Buy-In
Getting buy-in is the next logical step. Otherwise, why develop a project that isn’t supported?
The champion is largely responsible for getting leaders to agree to commit to this project.
However, this process can be difficult.
“Our research has shown that 70% of all organizational change efforts fail, and one reason for this is executives simply don’t get enough buy-in, from enough people, for their initiatives and ideas,” says Dr. John Kotter in an interview with HR Bartender.
Kotter offers some tips for success.
3. Define Success
Now that your security awareness effort has been greenlit, it’s time to define success.
All of these questions and more are likely to pop up.
We love eLearning Industry’s suggested metrics to help you define success.
4. Create An Outline
In the outline, you’ll begin to plan how you’ll develop the training program.
5. Decide Whether To Stay In House Or Go Outside
Depending on its overall size and available resources, a company may elect to develop the training internally, or it may seek outside help.
When assessing potential vendors, keep these factors in mind.
Keep these five tips in mind as you start your company’s security awareness training.