The 6 Worst Blockers for Security Awareness Training
August 05, 2020
Security Awareness Training. Perhaps the only thing you'd like less that allocating time to participating in it, is to allocate time to being the organizer for it. But why has it become so painful to run point for your company on this front? Traditionally it's been a bit of a thankless job, but more importantly there are six blockers that make it particularly unpleasant to be the organizer. In the wrap-up we'll give you some great resources for avoiding these blockers, but in the meantime...
Security Awareness Training - Biggest Blockers
1. Blocker #1: Building the Training
Being responsible for building the content for a Security Awareness Training session is a daunting task. Many small business leaders responsible for doing this are wearing MANY hats. If you are running point on building security awareness training for your small business, it's less likely that you are a CISO, and more likely that you are an IT Manager, a CTO, or some other stakeholder that has only fractional time available to focus on security. And that makes it incredibly difficult to stay on top of the latest "Do's" and "Don't" best practices of creating and delivering this type of training.
2. Blocker #2: Getting Executive Buy-In
Your executive stakeholders value cybersecurity, right? In most cases, there is at least a surface-level buy-in for the idea that security awareness training is necessary. But there is also an uneasiness. Is your CEO well equipped to evaluate the actual content of the training program? In most cases, probably not. But yet, it's a weighty decision for an executive at that level to give their blessing that the content you've crafted is suitable. What if some important topic is left out, opening up the company to liability? What if some topic is presented in a manner that employees find unclear, leading to some unintended impact in the future? These sometimes-unspoken concerns can lead to a lot of hand-wringing at the executive level that may delay your progress towards getting the executive buy-in that you need to proceed.
3. Blocker #3: Picking a Date/Time
You seek to have the entire company go through this training, correct? Good luck with calendars, reschedules, executive sponsors bailing at the last minute, late-arrivals and no-shows. Its difficult. We empathize with you.
4. Blocker #4: Tracking Progress & Completion
One of the most important artifacts of the training session, is that it should be memorialized with some type of tracking mechanism that logs who participated, what training they saw, and when. This is the log that you'll get asked for in an enterprise security questionnaire someday (and that day may be soon).
5. Blocker #5: Nagging the Laggards
Does your small business have a particular executive or individual contributor whose role in the company is so essential that almost any rule or policy bends in their presence? Someone whose work is so crucial to the next product launch, the next revenue milestone, or the next capital raise -- that whatever they need to do to achieve those goals, training might be pushed aside? Most companies have someone like this. And it's difficult (and demoralizing) to find yourself constantly in chase of getting folks in this type of situation to take time to complete the necessary training.
6. Scheduling the Next One
If you aren't worn out yet, turn your attention to scheduling the next one. After all you've been through on the just-completed round of security awareness training, we figure you are doing something other than joyful backflips when you reflect on the need to execute on the training sequence again next quarter (or next year, depending on your needs).
Wrap-Up: Breaking through the Blockers
It's tough. We've been there. In prior companies, we didn't find it very fun to run point on security awareness training either. That's part of why we built Havoc Shield. Part of our platform includes security awareness training that is fully online, with button-click rollout to your whole team. We handle the invitations, the completion tracking, the grace periods, the nags, and the summarizing of outcomes to you and your executive team. Let us take this burden off of your plate -- hop on over to our platform and we'll be glad to help.
Interested in more articles about cybersecurity training? Continue here: