Improving the security posture of your organization starts with each of your employees. Regularly providing your employees with consistent, high-quality security awareness training is a basic requirement to create a foundation of security. This need arises from a rapid increase in security breaches and the subsequent financial losses they can cause. In the IBM “Cost of Data Breach Report 2022,” 83% of organizations report having been breached more than once in 2022 and only 17% reported it being their first breach. As a direct result, 60% of organizations reported having increased the prices for their products or services. The overall cost of a breach can be attributed to several factors such as the lack of a zero-trust policy, stolen or compromised credentials, phishing, remote work, lack of an incident response team and many more. Addressing each of these areas successfully requires one common activity: security awareness training among your employees. The more they know, the more they can help to prevent losses.
Here are the key ways to provide security awareness training for your employees:
1. Regular required training about new risks
It’s crucial to include cybersecurity training alongside the usual required training such as sexual harassment, workplace safety and others. Ensure that the training is up to date with the latest statistics and encourages best practices. Add quizzes and interactive lessons for additional engagement, and supplement them with messages from trusted executives on the importance of the topic.
2. Implement security policies that educate users in real time using Microsoft Purview
Microsoft’s Information Protection suite can provide multiple levels of security, ranging from document-level encryption to endpoint protection and organization-wide policies. Any time a policy is triggered, warning banners can appear to alert the user of potentially harmful activity, such as sending an email containing personally identifiable information or an attachment with a restrictive sensitivity label. Sensitivity labels in Microsoft Office allow you to quickly put walls around any sensitive content. These labels are visible to employees and can be implemented with or without encryption. Employees can choose to increase or decrease the level of protection manually based on their best judgement. The Sensitivity icon can also be linked to an org-wide knowledge base where self-learning can be encouraged with the most up-to-date information.
3. Normalize the topic of security in everyday conversations
Ensure that managers and team leaders are well educated and equipped to include the topic in a diverse range of discussions. Normalizing the topic in the smallest of groups allows employees to consider security at every step of their workflow. Share knowledge of recent incidents in your organization and others in the industry. Often, we as human beings are more inclined to pay attention to a discussion if it directly involves us and is with trusted peers. The established relationships can increase the likelihood of the best practices and recommendations being followed.
Use these tips to increase user awareness and increase adoption of your organization’s security policies. Start early and stay consistent!