This article originally appeared on Lunarline.com and is reprinted here with permission. Updated October 2021.
Cybersecurity is no longer an exclusively technical endeavor. From the beginning of the internet until very recent times, the discipline was considered suitable only for those with years of technical training.
Its practitioners have been construed in pop culture as singularly focused tech savants engaged in a kind of esoteric cat-and-mouse game with equally skilled, sinister whiz kids.
This perception has changed over the past five years, out of necessity. As consumers learn that their personal information has been compromised under the watch of companies they’ve trusted, they (and the companies guarding their data) have begun to realize an essential truth about modern security:
It’s everyone’s job.
Popular solutions for protecting privacy and security have come to market, helping non-technical users keep their information secure online. And inside large organizations, leaders have started to push enterprise-wide initiatives to maintain good cyber hygiene as a way to manage risk. A centerpiece of such a strategy is mandatory privacy and security training for all employees. But these programs aren’t just a box to be checked; their outcomes can vary widely based on how thorough, accessible and engaging they are.
A panel of successful security and tech leaders recently sat down to offer some effective training tactics, publishing their recommendations in a Forbes column. Here are some of the major takeaways:
- Know your audience: Cybersecurity factors into the daily routines of most employees. Training that understands the work context and responsibilities of a team will go further in connecting with them. Trainees must be able to visualize the impact of their actions in their work and private lives. Effectively preparing a non-technical program might involve working in metaphors, connecting with the team’s KPIs and goals, and explaining the benefits to the business.
- Balance the positive and the negative: Employees need to understand what can go wrong if they don’t keep themselves protected. But they also should see how cyber hygiene works into the success of their careers and their departments.
- Build a foundation: Essential training shouldn’t attempt to cram in advanced concepts in cybersecurity. Focus on making the basics understandable and part of a commonsense approach.
- Be prepared with concrete, consistent practices: Prior to training, an organization needs to know its approach to cybersecurity and where employees fit in. With this preparation, training can get specific, and employees will feel that they know what they need to do.