If you’re on the management team, you’ve already decided whether to offer Security Awareness Training to your employees.
Security Awareness Training is not a panacea, but it’s one important step to maintaining a Culture of Security Awareness.
If you’re in a regulated industry, you may be REQUIRED to hold this training. For example, the HIPAA Security Rule requires covered firms to do this for everyone including management. Other state and federal regulations have similar language. Check with your legal adviser to see how they affect you. We’re the just the IT department.
If you’re not in a regulated industry, you may still get asked about it. Across several industries, we’re seeing large firms starting to pass down their own cybersecurity requirements to their suppliers and service providers.
January can be a great time to hold your annual Security Awareness Training, but you may need regular refreshers throughout the year, particularly if your operations change or you see people start to flag. New employees should complete the training quickly, perhaps as part of the first-day on-boarding process.
Of course, someone needs to track all of this. For it to get done, you must appoint someone to track completion and review effectiveness.
In the next video, I’ll discuss different methods of providing this training.
Episode #2 – 12/12/2018