Page 82 - index
P. 82
to relate this information back to employees in a way they can easily comprehend—and retain—
with the end goal always being a change in behavior.
External Resources are Used
Your staff's valuable time is freed from developing and maintaining comprehensive training
materials. New types of security threats emerge every day. While your IT and security teams
are likely aware of many threats, do they have time to constantly review and update training
materials to make sure they are protected against new types of attacks?
Outsourcing is an opportunity cost—that is, what else could your IT and security teams be
doing if this responsibility was assigned to another source? Outsourced programs address
existing threats as well as those that are emerging, such as clicking on a link in a text message
on a smartphone.
Content and Context are Both Considered
Security training done in-house is usually conducted in a classroom setting using a series of
PowerPoint slides or videos. As you may remember from personal experience with the platform,
while inexpensive, PowerPoint might not be the best way to engage users or change behavior.
For starters, the trainer has no idea if every employee is giving the presentation their full
attention and only knows if the training is failing when another attack against the company
occurs. Because it's a classroom setting that involves their peers, employees may be afraid to
ask questions or contribute to the discussion.
Informative mass emails and PDFs are also relatively inexpensive and easy-to-produce, but
again fail to engage the user or change behavior. They are too easy to ignore and there's no
way to know if the employee did anything except open the email.
When training is outsourced to a trusted provider, it is not a one-off event but rather a series of
interrelated exercises and lessons that can be completed at an employee's desktop.
Awareness is tested frequently and follow-up sessions can be scheduled with employees who
do not seem to be grasping training concepts.
When you outsource training, sessions are short, interactive and engaging. Employees are
not pulled away from their desk for hour-long, half-day or even full-day sessions. Security
training is best-addressed in short bursts for maximum retention and, ultimately, behavioral
change.
82 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
