Weakest link. Soft, chewy center. Wetware. The Walking Pwnd.
Users get called all sorts of things. Almost none of them very nice. But to flip things around, what word do you think first comes to mind when your users think about security?
Boring? Confusing? Scary? Hassle?
Whatever it is, chances are it’s something negative rather than positive, and that’s a problem. In fact, it’s not just any problem. If you're planning on conducting security awareness training anytime soon it's the problem you need to address first. Otherwise, you're going to be wasting a lot of time and resources.
Because guess who gets invested in something they see as one big boring, confusing, scary hassle? Nobody.
Every year, organizations spend over $1 billion on security awareness training. It doesn't seem to be working.
One reason security awareness training fails is that it gets treated as a solution to a lack-of-information problem rather than a we-need-a-change-in-perspective problem.
The goal shouldn’t be to turn users into security experts or remind them of what they don’t know. It should be helping users to understand there’s another way to do what they’re already doing, and the new way is faster, better, and more secure.
The only way that happens is by making an effort to meet users where they are — to understand what they’re responsible for, what their goals and challenges are, and why it is they see things differently.
We're excited to announce we’ve developed something to help you do exactly that.
We wrote and designed it to let you see what security really looks like through the eyes of your users. Then you can learn how to apply that new perspective to launch an awareness program that users will actually respond to.
A user training guide for IT pros who prefer to skip the mistakes
If you've ever conducted a security awareness program that didn't quite pan out, or if you're thinking of launching your first program but don't know exactly where to start, this guide can help.
It includes training approaches and templates, tips for raising security awareness with the C-suite, checklists, and even a framework for building your own security awareness program from scratch.