You have to make it more than drudgery.
When you look at your cybersecurity threat profile, it is likely that your employees are your greatest vulnerability. An "errant click" can let the bad guys into your system and then you are doling out dollars via a ransomware attack that has your data or system locked down.
You can have Red Teams probing your network and your staff, but what you really want is to be protected from the attacks to begin with. See the news release below. I think the idea is right on the mark. One of my personal quotes is, "repetition is the mother of remembering," so you can't just have a single annual training event for employees. They just won't remember all the steps that they need to be thinking about to protect your network and information.
For your consideration — no, it is not an endorsement:
Cybercrime represents the greatest threat to businesses and organizations in the world today.
The cost of a data breach, in terms of revenue, reputation, legal exposure, and operational disruption, can be devastating. Global cybercrime costs are expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015.By The Numbers:
A New platform was developed as part of a project to enhance the cybersecurity training within a large hospital system.
It became apparent that the combination of microlearning, customizability, and gamification leading to high ongoing employee involvement answered a need not simply for one client or industry, but for a worldwide digitized economy.
“The problem is not just a lack of cybersecurity awareness training but getting training that works to the people who need it in the way they will actually use it. Most training doesn’t actually accomplish anything, and the numbers prove it. Microlearning has been demonstrated to produce much better results than the traditional lecture-followed-by-a-test approach, both immediately and in terms of longer-range retention,” – Heather Stratford, Drip7 Founder and CEODrip7 already has over 80,000 users licensed on the platform.
“This isn’t a learning management system,” says Stratford, “It’s a way to make learning and training actually do what they need to do. Our goal is to take the fear out of cybersecurity and make it both fun and effective.”
How can gamification and microlearning be leveraged to better secure a workforce against cybersecurity attacks? Heather Stratford can speak to the following:
Drip7 is the brainchild of cybersecurity expert Heather Stratford as a result of a client wanting to fix a specific problem: empowering the weakest link—the human—to use better cybersecurity. With its first few clients (a large educational institution, hospital system, and government agency), Drip7 is proving its usefulness in changing the old system of training and information retention in any workforce. Stratford explains it as, “Drip7 is a micro-learning platform that is re-inventing the way organizations train their employees and build lasting cultural change within them, especially in today's age of remote workforces.”