How to
Jonathan Crowe
Oct 2015

3 Practical Cybersecurity Training Tips that Actually Inspire Action

Photo by Source

“Let me hold off on what I was doing so I can install this security update” — No one ever

Raising awareness and training employees on cybersecurity is hard. It’s draining. It’s thankless. And all too often, it’s ineffective. A big part of the problem is that we approach it with unrealistic expectations, and with tactics and messaging that may resonate with us, but not our audience. As a result, there’s often a disconnect between our security-minded priorities and those of the rest of the company.

In an ideal world, we’d be recognized by management and co-workers as the esteemed guardians of information and sage-like purveyors of critical know-how we clearly are.

The reality is a little bit different...

That’s why we’ve collected no-nonsense training tips from some of the top security experts online and put them into our new eBook, The Realist's Guide to Cybersecurity Awareness: Tips for Engaging and Empowering Employees in the Real World. 

These are practical, actionable, tips that actually stand a chance of working in the real world. Check out a preview of a few of the tips below, and download the full guide here.


Tip #1: Passwords 

cybersecurity awareness passwords training

Try this, instead:

“Explain that password managers are our friends.”


Microsoft Regional Director and Most Valuable Professional for Developer Security, Pluralsight author, and international speaker Troy Hunt explains why:

"Strong, unique passwords are a necessity, but by that very definition they’re not memorable. Passwords managers are the answer as they allow you to create one strong, unique password (which we can memorize), which protects and encrypted collection of other strong, unique passwords (which we can’t memorize en mass)."

More from Troy: 5 Ways for Small IT Teams to Stay Ahead

Tip #2: Mock Phishing Attacks 

cybersecurity awareness mock phishing attack tip


Try this, instead:

“Quickly move the focus from ‘what you did wrong’ to ‘how we can get better.’”


Amy Baker, VP of Marketing at Wombat Security Technologies explains why:

"No one likes to feel fooled. When it comes to mock attacks and penetration tests, make sure to communicate your plans a few weeks in advance so that you don’t ruin your phishing tests and follow up with users right away. Right after telling them they made a mistake, use a constructive message that encourages them to view the exercise as a positive learning experience rather than a failed test or a gotcha. Then provide more in-depth training so that they have the knowledge to avoid the next attack."


Tip #3: Computer-Based Training (CBT) 

Cybersecurity computer based training tip


Try this, instead:

“Consider CBT just one of many tools in your tool box.”


Christopher Hadnagy, CEO of Social-Engineer, Inc. explains why:

"If you wanted to learn how to box you would go to a boxing gym. The trainer would set you up with protective gear and then tell you how to deliver a punch and take a punch. You would never step into the ring unprotected till you were ready.

"Can you imagine if you walked into the gym and the trainer sat you down and showed you a 20 minute CBT then said, 'Okay, you ready?' Of course not, that’s ridiculous.

"Well, your people are entering the ring right now, and they have never stepped into the ring and they are not ready or prepared. We encourage each company to have realistic phishing tests that show what it is like to get phished (take the punch) and how to report it properly (give the punch). CBT’s have their place as part of training, but they will not fix the problem." 

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.

Stay informed!

Get the latest security news, tips, and trends straight to your inbox.