More often than not, organizations make the mistake of confusing security awareness training with a security awareness program. The two terms appear remarkably similar but are actually very different.
Security awareness training is a course designed to increase employees' knowledge of security best practices or procedures. These courses can be instructor-led, self-paced, online, or a combination of all three. Like all courses, they have a finite duration and employees earn a grade or a shiny check mark indicating completion. Security awareness training should be considered a small piece of an overall security awareness program.
A security awareness program is not something that can be contained within a two-day course or online quiz. Security awareness is the overall set of attitudes, beliefs, and values that an organization’s employees hold towards securing its physical and information assets. These attitudes, beliefs, and values need to be engaged 365 days of the year. A proper security awareness program uses courses as only one tool for creating and maintaining this engagement.
Think about the last time you attended any kind of security awareness training. How long did it take you to fall back into your old way of doing things after the course was completed? I’m reminded of the old saying: You can lead a horse to water but you can’t make it drink. In this case, you can lead a person to knowledge but you can’t make him use it. Our organizations need to fully embrace security awareness as a value and employees need to have a way to engage in a program throughout the entire year.
So go ahead and schedule your security awareness courses. They are incredibly important and I’m not saying we should have less of them. What I’m saying is don’t stop there. We need to develop entire programs around the courses to ensure that their effectiveness is not limited to a two-day period.
Do you have any thoughts on how to effectively drive employee engagement in a security awareness program? Currently working on a course or program for your organization and would like to talk to someone about ideas and assistance? Leave a comment or get in touch with us via our contact page. We’d love to have a conversation with you.