Virtually every organization faces cybersecurity threats carrying significant financial, legal and
reputational consequences. The bad news is many of these threats cannot be detected, let alone
prevented, by even the best IT professionals and technical controls. The good news is this doesn’t mean
you have zero options to keep your organization safe from cyber attacks. It only means you can’t do it
alone.
Preventing cybersecurity attacks at your organization takes more than technical efforts. It requires a
cyber-aware staff and a culture of security awareness to keep your organization safe. The biggest
question is: How can you build a cyber-aware staff?
We recently explored this question with Pete Just, CTO of Metropolitan School District of Wayne
Township in Indiana, to learn his five-step process for building a cyber-aware staff. Here’s what we
learned.
Step 1: Do IT Right
Before building security awareness into the culture of your organization, you must lay the IT
groundwork. Focus on reducing risk exposure, meeting compliance standards and installing the
technical controls to set your staff up for success.
You rely on your staff to take cybersecurity seriously and engage in your security awareness program,
but your staff relies on you to implement the security infrastructure to help them succeed. Think about
your risk, needs and obstacles to achieving your goals and match your IT accordingly.
You know how important cybersecurity awareness is and so should the leaders of your organization.
Getting buy-in from leaders within your organization will help you capture the cross-departmental
support you need to make security awareness part of your organization’s culture.
Involve more than just your IT team when planning your security awareness program. Make sure all
leaders understand your goals and ask for suggestions. By including leaders throughout the
organization, you can build a security awareness campaign that works for everyone and recruit
ambassadors for your program along the way.
https://www.infosecinstitute.com/blog/5-steps-to-building-a-cyber-aware-staff/ 1/3
11/12/2018 5 Steps to Building a Cyber-Aware Staff - InfoSec Institute, Inc.
The best way to personalize learning paths is to construct a one-to-one campaign including security
awareness training, phishing simulations and individual assessments. By using these tools in a
personalized campaign, you can measure the security aptitude of each employee and automatically
tailor training to address their knowledge gaps. You can use this same data to gauge the effectiveness
of your security awareness training program over time.
Recruiting and training security champions is an effective way to create a culture of security at your
organization. Security champions act as ambassadors of your training program and can have greater
success influencing the behavior of their peers than management or computer-based training alone.
Find people outside of the IT department who are excited about security. These are staff members who
quickly adopt security best practices and can serve as a technical resource for their coworkers outside
of your IT team. You can even incentivize training for security champions to build an even stronger
network of peer influencers.
A successful awareness training program starts with an engaged staff. Engage the entire organization in
training — from the summer intern to the CEO. Promote your security awareness efforts, measure the
success of your campaign and turn security awareness into a team effort.
Hang posters to reinforce security awareness training, display leaderboards to promote friendly
competition or even run contests to reward the most engaged or most improved members of your
organization.
Building a secure infrastructure requires a cyber-aware staff prepared to handle threats that slip
through your technical controls. At InfoSec Institute, we know it can be challenging to address the
human element of cybersecurity. That’s why we built SecurityIQ, a solution designed to engage and
motivate all learners to care about cybersecurity, improve their security habits and report suspicious
activity. SecurityIQ integrates phishing simulations with interactive security awareness training to
deliver security coaching personalized to each employee’s role, security aptitude and learning style.
Author
Tyler Schultz
©2018 InfoSec Institute, Inc. - InfoSec Institute, the InfoSec Institute logo, SecurityIQ, the SecurityIQ logo, PhishSim, PhishNotify,
PhishDefender, AwareEd and SkillSet are trademarks of InfoSec Institute, Inc.
GIAC® is a registered trademark of the SANS Institute. PMP is a registered trademark of the Project Management Institute, Inc. ITIL®
and IT Infrastructure Library® are registered trademarks of AXELOS Limited. The Swirl logo™ is a trademark of AXELOS Limited.
InfoSec has no affiliation with Red Hat, Inc. The Red Hat trademark is used for identification purposes only and is not intended to
indicate affiliation with or approval by Red Hat, Inc. All other trademarks are the property of their respective owners.