Making Your Cybersecurity Training Better
I recently read an article in Forbes magazine that gave some tips for implementing a successful security awareness training program. It was written several years ago, but it's still very, very relevant today. Early in the article, the author makes a key observation that we should all be aware of. This is the key thing that we should all keep in mind when it comes to cybersecurity, because the very biggest security risk all of us face, are humans. As humans, we often make mistakes because our behavior is mostly unpredictable. So, in spite of whatever precautions we as individuals, as companies or as governments take, we can't discount the insider threat situations that we, in many cases, accidentally cause. That results in costly cybersecurity incidents. Insider threats cost companies millions, if not billions, of dollars every year, and many were unintentional and simply caused by lack of attention. By establishing a well-designed and well-implemented cybersecurity awareness training program, many millions or billions of dollars in losses can be avoided. Very often, cybersecurity breaches aren't a technical problem at all. They're a people problem. Ensuring that people know how to defend themselves and their organizations against threats is a critical part of an effective cybersecurity protection program. The reason there have been so many compliance frameworks developed over the last 20-plus years is to try to force businesses to follow practices to protect data of various types.