
How to Build a Security Education, Training, and Awareness Program

The document outlines the importance of a Security Education, Training, and Awareness (SETA) program to prevent data breaches caused by human error. It provides a step-by-step guide for businesses to build an effective SETA program, including defining goals, assessing employee knowledge, developing relevant topics, and distributing training. The emphasis is on creating a continuous learning environment rather than a one-time training session to maintain cybersecurity awareness among employees.

Uploaded by

shoug
How to Build a Security Education, Training, and Awareness Program

January 22, 2019 Eric Dosal


Protecting your business’ most sensitive data takes more than just having the right cybersecurity tools—it takes having well-educated, cyber-aware employees at all levels of the organization. In fact, according to data cited by CNBC, “47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization.” This statistic simply highlights how important it is to train employees in network security to prevent the kinds of basic mistakes that lead to data breaches.

This is where a Security Education, Training, and Awareness (SETA) program comes into play. SETA programs help businesses to educate and inform their employees about basic network security issues and expectations—helping to prevent commonplace cybersecurity mistakes that lead to damaging data breaches.

However, how can a business build a security education, training, and awareness program that will make an impact with employees? After all, simply sitting everyone in the company down for a one-time lecture might boost cybersecurity awareness for a little while, but people will quickly fall back onto old habits after the training is done.

Here are a few suggestions for building a network security education program for your own business:

Step 1: Define Your Network Security Education Goals

Before you begin contacting cybersecurity experts and lining up presenters to give seminars at your company’s offices, start by defining the exact goals you want your security education program to meet. Be sure to make these goals specific, measurable, achievable, realistic, and timely—as in the SMART goal framework.

For example, saying that you want to “raise cybersecurity awareness” in the organization is a decent start, but not a great goal for making long-term progress. Instead, something more specific, such as “eliminating the use of weak passwords by 50% within six months” or “reducing phishing attempt success by 50% or more” creates objectives that can actually be measured.

Step 2: Assess Your Audience

Not all employees have the same level of knowledge when it comes to cybersecurity. When creating your security education, training, and awareness program, it’s important to assess the overall knowledge level of your employees before shoving them into a “one-size-fits-all” network security lesson.

After all, information that is new, valuable, and interesting to one employee may be boring and remedial to another employee. Likewise, concepts and jargon (like the “phishing” term used earlier) may be familiar to some but confusing to others.

So, when starting a SETA program, try to start with an assessment of your organization’s overall cybersecurity knowledge. This could mean sending out surveys asking people how comfortable they are with cybersecurity topics, or even actively testing employees by sending fake phishing emails or handing out quizzes if need be.

This helps you establish a baseline for your company’s security education and awareness needs—including specific areas of concern that may need to be addressed company-wide. At the very least, this assessment can help get people in the company thinking about network security and the part they play in a cybersecurity strategy.

Step 3: Develop SETA Program Topics Based on Critical Issues

After identifying the biggest cybersecurity knowledge gaps in your organization, you can start to create lesson topics designed to address those gaps. For example, if a lot of people are falling for fake phishing emails, you could start to prepare SETA program topics about phishing attacks to keep real attacks from succeeding in the future.

Many organizations choose to use employee learning platforms to develop their training resources instead of creating these resources internally. This can be helpful because the platform provider may have more in-depth knowledge about how to create engaging and informative cybersecurity learning content. Also, it helps free up the time for people in the organization to focus on their jobs—driving results for the company.

Step 4: Consider How You’ll Distribute Security Education to Current and Future Employees

How you choose to distribute cybersecurity training to your employees may depend on the size of your company. If your business is operating out of a single set of offices, simply putting an “all hands on deck” meeting on the books and knocking out some security education there might be enough. Larger organizations might need to establish a more comprehensive security education, training, and awareness program that utilizes online training modules to efficiently distribute learning content to people throughout the organization.

One advantage of some digital employee learning platforms is that they allow you to segment your employees by role. This allows each employee to receive the most valuable training for their specific role and needs rather than putting everyone through the same “cookie-cutter” courses. This helps keep lessons more interesting so employees benefit more from them.

The best SETA programs are never treated as “one-and-done” network security seminars. Instead, they help ensure that every employee is fully aware of cybersecurity issues and how to handle them. As such, it’s important to consider how you’ll deliver your company’s SETA program resources to all of your existing employees as well as any employees who join the organization in the future.

Setting aside training time during the new hire onboarding process can be a good method for ensuring all new employees enter the company with a set baseline of cybersecurity knowledge. Additionally, holding some “refresher” SETA training at least once a year can help ensure that your employees’ cybersecurity knowledge remains up to date with new threats (and keep cybersecurity top of mind for your employees).

Need help developing your own internal security education, training, and awareness program? Reach out to the team at Compuquip Cybersecurity for advice today!
