In this episode of Phishy Business, we look at why cybersecurity awareness training has to go beyond having users sit through training and instead work to change user behavior. Listen in to learn more about the importance of cybersecurity awareness training at organizations of all sizes across the globe and how, with today’s diverse and threatening security landscape, cybersecurity is the responsibility of everyone in the organization, not just security professionals. Our special guests are Ira Winkler, award-winning CISO and best-selling author of Security Awareness for Dummies, and our own cybersecurity training expert Duane Nicol, Senior Product Manager – Awareness Training at Mimecast. Ira works to help organizations become more resilient against cyberattacks, and Duane works to make people feel more involved and included as part of an organization’s cybersecurity awareness culture, driving measurable results.
In ‘Beyond Awareness Training: How to Improve User Behavior’, we discuss:
• How cybersecurity awareness is part of everyone’s job responsibility.
• Why the outcome of cybersecurity awareness training shouldn’t just be awareness, but also should be behavior change.
• The importance of a just corporate culture to encourage employees to report mistakes.
• The difference between ‘must’ and ‘should’.
• Whether or not there is ever a role for blame in cybersecurity awareness training.
• The fact that measurement of cybersecurity awareness programs is crucial.
• Why, when a user clicks on a phishing link, the failure happened much further upstream, because a lot of technology had to fail to let that malicious email through, and why holistic remediation is necessary.