Name: Why Security Awareness Should Not Stop at Phishing
Start: 2020-03-19T20:00:00Z
End: 2020-03-19T20:00:18.000Z
Location: BrightTALK
Rating: 0

MediaPRO security and privacy awareness training solutions make training fun, fast, and impactful.

Today, it’s accepted that “security awareness” programs will operate year-round, but in many cases, privacy training is still a once-a-year event. With the expanding reach of privacy laws and the growing public interest in data protection, isn’t it time for privacy education to become a key pillar in the way companies educate employees? 

In this panel discussion, we’ll hear from professionals who have run extensive privacy education programs in their companies. We’ll discuss who most needs education in privacy, the kinds of approaches that have worked well for our panelists, and ideas for improving your efforts, no matter your industry or organization size. We’ll range from how to tailor education to different jobs, to timing your training around business needs, to different methods of communicating, and even the kinds of privacy concepts that can be addressed in training.

Topics will include:
- Working examples of year-round privacy awareness programs.
- What you can borrow from security awareness programs.
- Tips and tricks for reaching end users.

Host:
Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP

Moderator:
Tom Pendergast, Chief Learning Officer, MediaPRO

Panelists:
- Kerri Davis, CIPP/US, CIPM, FIP, Privacy Manager, Microsoft
- Nathan Johnson, CIPP/US, CIPM, CIPT, FIP, Head of Privacy and Regulatory, H-E-B
- Chris Pahl, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, Cyber Security Governance Manager, Southern California Edison

Make 2021 the Year of Privacy: Building a Yearlong Privacy Awareness Program

Today, cybersecurity is so important that security and privacy professionals need to adopt big, audacious goals for what they can accomplish in their organizations. Mere compliance is a joke, and even targeted risk reduction doesn’t go far enough. It’s time we embrace culture change—with all its messiness and imprecision and wonderful possibilities. In this talk, I’ll talk about how far we’ve come in the last several years, about the technical and ethical challenges that remain, and about the promise of changing your security and privacy culture through a marriage of purpose and action.

Beyond Awareness: The Road to Culture Change

The sky is blue, water is wet, and data privacy is a principle vital for everyone to understand.  

Privacy professionals undoubtedly agree on all three but would love to see more consensus on the last one nationwide. That’s why leaders at the U.S. National Cyber Security Alliance and others are starting the drumbeat this year for a full week dedicated to data privacy in 2021. 

Join NCSA Executive Director Kelvin Coleman, Uber Chief Privacy Officer Ruby Zefo, CIPP/US, CIPM, FIP, and MediaPRO Chief Strategist Lisa Plaggemier for a panel discussion co-presented with the IAPP making the case for a full Data Privacy Week to augment the planned Data Privacy Day, 28 January 2021.  

What you'll learn: 
• Why more focus on data privacy is vital.
• The connection between cybersecurity and data privacy.
• Ideas for starting a Data Privacy Week at your organization.

Toward a Data Privacy Week: Something We Can All Agree On

The age of pandemic has led to a surge in online shopping unseen before. We’ve all adjusted to buying toilet paper and cleaning products online, and our holiday shopping habits will be no different. The retail industry is predicting more holiday shopping will be done online than ever before.

But with this convenience and safety during a pandemic comes another threat:  holiday shopping scams.  Just like the cyber criminals stepped up their game to take advantage of Covid-19 related phish and other scams, you can bet they will be capitalizing on the trend of increased online shopping.

As the cybercriminals seize this trend, training and awareness managers need to also.  

This season, Cathy Click, FedEx’s Security Awareness Project/Process Advisor, and MediaPRO Chief Strategist Lisa Plaggemier are here to help you with ways to reach out to your employees with engaging messaging that not just warns them about these scams but tells them what to do about them.

Register for this webinar to learn:
• Why this year will be a bigger challenge than usual
• What common online shopping scams look like
• The most-spoofed brands
• What to say to your employees to help them avoid getting tricked

Secure Holiday Shopping During the Pandemic

MediaPRO is thrilled to announce Paradigm, training that puts people first™. Paradigm is designed to empower learners by delivering training that's simple, encouraging, and relatable. 

With Paradigm, security training and awareness managers get:
- Messaging designed to empower learners with a more conversational tone 
- Language that puts people first. No more fear, hackers in hoodies, or technical jargon 
- Shorter modules that can be rolled out more frequently, to help programs evolve from annual hour-long training 
- Mobile-first design, so your people can learn wherever they are

Register for this webinar to learn how the right approach to training increases employee engagement and leads to an organization-wide security culture.

Changing the Training Paradigm with MediaPRO

Neuroscientists agree:  we make most of our decisions in our subconscious mind. The question for security training and awareness mangers then is: how do we influence the subconscious mind of our audience? 

In part one of this webinar, we covered the brain science and psychology that training and awareness managers can leverage to help people exhibit good security behavior. We looked at how the world of advertising and marketing uses data and our emotions to affect our rational brain as well as our subconscious decision making, including an award-winning advertising campaign (this is where the shirtless men came in). 

Now in part 2, we’ll go beyond the “why” and look at the “how.” From eye-catching visuals and multimedia approaches, to multi-layered strategies designed to engage and inform, this webinar will dive into the tactics marketers have been using for decades to get more eyeballs on their content.   

MediaPRO Chief Strategist (and recovering marketer) Lisa Plaggemier will outline the marketing tactics you can start using today to help increase engagement and ultimately influence behavior change.   

Register to learn more about: 
- Targeting content to specific learner personas 
- Creative use of visuals and repetition to convey your messages 
- Building out multi-layered campaign (not as scary as it sounds!) 
- Borrowing metrics from the marketing world to show your successes

What Do Shirtless Men Have to Do with Security Awareness? Part 2

There is an art to using the unexpected to get people’s attention. It’s the quirky, intriguing thing that fires the made-you-look response. Our brains are constantly searching for stimulation – we actually crave the unexpected and search out novelty. We don’t ask “what’s old?” we ask, “what’s new?” 

Security and privacy training and awareness managers can use this to their advantage. In this webinar, we’ll look at how an infamous and award-winning advertising campaign used the unexpected to drive 5.9 million YouTube in one day! We’ll explore the techniques we can borrow from that ad campaign to get more eyeballs on our awareness content, increase engagement, and ultimately influence behavior change. 

In Part 1 of a two-webinar series, MediaPRO Chief Strategist (and recovering marketer) Lisa Plaggemier shows us what we can learn from the field of marketing to improve our training and awareness programs.  

Register to learn more about: 
- How are brains our hard-wired to look for novelty 
- The importance of “the hook” in messaging meant to influence behavior 
- Why eye-catching visuals are not just for billboards and viral videos 
- How what’s worked for the most successful ad campaigns can work for you

What Do Shirtless Men Have to Do with Security Awareness? Part 1

The concept of “security culture” gets a great deal of play these days in the security world, but what does it really mean?

More importantly, how can someone responsible for the security training and awareness initiative at their company move toward this goal?

With the results of a recent original research report, the answer begins to come into focus. In a 2020 study conducted by Osterman Research surveying both IT managers and everyday employees, employees who found training to be “very interesting” were more than 13 times more likely to make fundamental changes in the way they think about security compared to those who found the training to be “boring.”

Explore the importance of security training and awareness in forging a security culture and how the quality of that training comes into play with the webinar Engage! The Benefits of Building Security Training Employees Want to Take.

Join Osterman Research President Michael Osterman and MediaPRO Chief Learning Officer Tom Pendergast and as they discuss the findings of this report, co-sponsored by MediaPRO.

Register to learn more about:
• The impact of engaging security training on employee behavior
• What makes security training interesting and engaging, straight from the minds of the employees who interact with it
• The relationship between employee enjoyment of training and how much a part of the larger corporate security landscape they feel

Engage! The Benefits of Building Security Training Employees Want to Take

Culture is messy. And while there are many models and theories about how you can influence culture, all of them shift and slide when put to the test in the unique environment presented by any one organization.

In this privacy education web conference discussion, we’ll hear from several privacy program managers about their successes and challenges with building a data privacy culture with their organizations. You’ll learn what they tried, what worked, what didn’t and other real-world lessons from these experts as they sought to increase awareness of privacy best practices and encourage consistent data-protecting behavior.

Topics will include:
- How public perceptions about privacy impact the work of the privacy program manager.
- Areas where panelists have had the greatest success at reaching their objectives.
- Strategies for finding allies in the business.
- Tips for overcoming resistance to privacy-protecting measures.

Education and culture-building measures are notoriously hard to measure and slow to show real progress, but that doesn’t mean that they don’t work. We’ll hear from our panelists about how they knew they were making progress in both tangible and intangible ways, and you’ll leave this session with practical tips for finding success in your workplace.

Moderator:
Tom Pendergast, Chief Learning Officer, MediaPRO

Panelists:
Jana Landon,CIPP/US, Chief Privacy Officer, Lincoln Financial Group
Chris Pahl, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, Privacy Compliance Program Leader, Southern California Edison
Steve Stalder, CIPP/US, Senior Program Manager, Privacy, Ancestry.com

Building a Privacy Culture: A Conversation with Privacy Program Managers

Insider threats - whether they are current or former employees, contractors or partners with access to company systems or data who use that access maliciously or unintentionally - account for 60 percent of cyber attacks. 
Insider threats are difficult to detect, and in many cases they can go unnoticed for months or years. In fact, detecting an internal threat is one of most difficult and ungrateful tasks for security teams in the organization. 

Join this panel of security experts as they discuss insider threat hunting techniques and recommendations for safeguarding the enterprise against internal and external threats.

- Why are insider threats so dangerous
- Technical and human factor challenges 
- How to detect and prevent malicious insider activity
- How to keep the biggest threats to your organization at bay

Speakers: 
Shawn Fleury, Director of Risk Management, The Crypsis Group
Gabe Gumbs, Chief Innovation Officer, Spirion
Sai Chavali, Sr Product Marketing Manager, Proofpoint Insider Threat Management
Lisa Plaggemier, Chief Strategy Officer, MediaPRO

Insider Threats and Hunting the Enemy Within

We often hear of the importance of building a privacy-aware culture at your company, but how often do we consider how daunting that task can be? After all, these employees who you are supposed to meld into privacy-protecting champions show up at your workplace carrying with them a web of assumptions about data protection over which you have no control. Your employee population is sure to include apathetic or cynical people who believe privacy is already lost, people fatigued by endless privacy notices, coupled with an ever-evolving regulatory landscape. They all participate in a culture that is deeply conflicted about protecting data.

While you can’t control the beliefs your employees bring to work, there is still much you can control in your environment, and we’ll discuss both the challenges that you can’t control and the precise points where you can exercise control over the way your organization approaches data protection. We’ll present a model for thinking about building a privacy culture via a training and awareness program, and we will focus on the different actions and attitudes needed to succeed at building such a program.

Topics will include:
- The conflicted nature of popular perceptions about privacy, including new wrinkles introduced by the pandemic.
- A model for thinking about your influence on company culture that focuses on what you can and can’t control.
- Tactical and mental tips for approaching training and reinforcement that give you leverage in communicating with employees.
- Strategies for finding allies across your business, including at the executive level.

You’ll walk away with a useful mental model to think about how to influence your culture, as well as practical tips for finding success at various levels of influence.

Building a Privacy Culture in a Conflicted Age

Privacy laws and regulations are coming thick and fast, and we’re not done yet. In order for employees to operate effectively in the new business environment created by these regulations, you as a privacy professional need to do more than create policies and processes to comply with regulations—you also need to create a culture around data protection in your organization. It won’t be done with training alone; you’ll need to align executive messaging, training, and ongoing communication around the knowledge and behaviors your employees must master to perform in the new world of privacy. This fast-paced talk explores some key best practices around aligning your culture with privacy laws and changing the mental models of your employees.

Privacy Culture for GDPR, CCPA & Beyond

In the fight against COVID-19, countries are taking urgent actions to address the crisis. Some are turning to tech to find solutions for containing the spread of the virus. Digital contact tracing, in particular, is gaining a lot of traction. For example, Apple and Google recently announced a rare collaboration to jointly facilitate contact tracing within their mobile platforms for public health monitoring applications.
So, what does this mean for privacy? 
While some efforts are being made to preserve user privacy, like not tracking user location or collecting other identifying information, digital contact tracing can still reveal more user information than necessary.

Join this panel of security and privacy experts lead by Chenxi Wang to learn more about the different implications associated with digital contact tracing, how it is being used around the world, and the long-term effects of COVID-rushed decisions.

Speakers:
- Chenxi Wang, Founder & General Partner of Rain Capital
- Vishwanath Raman, Lead, Privacy Technologies, Oasis Labs
- Michelle Dennedy, CEO Drumwave
- Tom Pendergast, Chief Learning Officer, MediaPRO

Privacy in the Time of COVID

“Knowledge is power” has stuck around as a popular aphorism for a reason. Put simply, it’s true. 

As a training and awareness manager, knowledge of both what your employees know and don’t know is vital for you to do your job. Such knowledge can be used to inform what topics to train on and how a training and awareness initiative should be deployed. 

That’s why MediaPRO commissioned the 2020 State of Privacy and Security Awareness Report to gauge the average U.S. employee’s knowledge of common cybersecurity and data privacy best practices. In partnership with Osterman Research, we surveyed just more than 1,000 employees in the U.S. to find out what they know about phishing, social, engineering, malware, privacy regulations, and more. 

Join MediaPRO Chief Learning Officer Tom Pendergast and Osterman Research President Michael Osterman as they discuss the findings of this original research.  

Register to learn more about: 
- Awareness of social engineering tactics and password best practices 
- How much employees know about the most significant data privacy regulations 
- What misconceptions exist about information security 
- Actionable insights to build a risk-based training and awareness initiative

Expert Insights: The 2020 State of Privacy and Security Awareness Report

In this webinar, two MediaPRO subject matter experts will discuss why phishing should be an important part of a balanced breakfast when it comes to security training and awareness. 

Sign up to watch the webinar and learn more about: 

-Best uses for simulated phishing campaigns 

-Why simulated phishing should be one of many tools in a security awareness toolbox 

-Why a comprehensive security awareness program needs to cover more than just phishing 

-How to build such a program

Why Security Awareness Should Not Stop at Phishing

Security Awareness

Cyber Security

awareness training

Phishing

Social Engineering

Information Security

Training Security

Cyber Attacks

IT Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Why Security Awareness Should Not Stop at Phishing

Presented by

About this talk

More from this channel