As you may recall, the Nazi chose the ornate golden chalice, believing it was “fit for a King”, while Indy chose the wooden “carpenter’s cup”. Indiana thought about the person, who Christ was and what he would have used. It’s a savvy metaphor for many decisions in life, and it can also apply to how you choose cybersecurity awareness.
There is a range of cyber awareness training solutions on the market today, and some even offer courses or functionality for free. Free is great, and it has its purpose and time, and can indeed be useful if you are just getting started or have no other options.
Off The Shelf
We’re assuming that you know what cyber awareness training is all about. You know that your company and its people need to learn how to become more cyber secure, and you’re now looking at solutions and learning how they work.
Here are a few helpful questions and facts that can help you as you decide what’s best for your company, your employees and your budget.
What FREE or CHEAP covers:
- Generic knowledge and compliance-focused content
- The ability to capture a snapshot of awareness following the completion of a content element
- Content that targets the many, without addressing the tools or demographic makeup of a business
- Cheapest and quickest content production methods, so tend to look clunky or dated
- Often need hosting so you can access data and reporting
- Impersonal content which doesn’t always align to internal policies or standards, e.g. password length and complexity
- Paid-for add-ons to meet your needs
What they miss:
- Continual development of baseline and evolving security knowledge
- Higher production values or an eye to creativity; varying content quality in terms of graphics, sound, voiceovers, text readability and more can actually have negative effects on user adoption and knowledge retention
- A comprehensive program for change, so outcomes tick the box for compliance but don’t do the heavy behavioural change lifting required in so much of cyber awareness (don’t even get us started on passwords. One video does not make for habit breaking on password reuse, for instance).
- Appropriateness of content to your audience, staff, internal policies or standards
- Generic feel with content that doesn’t relate to real-life scenarios that your staff may face
- Reactive and departmental content
- Can be dated or old fashioned
How to Choose a Cyber Awareness Vendor that’s Right for my Company?
- Compliant with GDPR, PCI, local regulations
- Culturally appropriate
- Provides meaningful metrics
- Has supplementary content
- SSO compatible
- Content for role-specific training, e.g. devs, C-level
- Ability to report on completion by Manager and Department
- Ability to delete or archive once the user has left
- Ability to assign content based on departments
- Bite-size courses with videos
- Refresher capability
- Easy way to flag users that ignore tests/refreshers
- Ability to send manual/auto-reminders to users/their manager that have ignored/not yet completed courses/refreshers
- Mobile/Tablet friendly
- Cost per user
Your wishlist doesn’t have to include all of the above, and some items may be more important than others, but make sure you understand what matters to your business and review each option against the list. We’re not saying don’t do it; we’re saying if you are going to do it, do it well.
Common Challenges in rolling out Cyber Awareness Training Programs
If you didn’t start with the basics, if you haven’t trained on a holistic set of cyber and digital safety topics, now is the time to start. The cybercrime explosion, the complexities of remote working, and the still uncertain future mean that a clear, safe, easy path is not the future for all of our businesses. The journey to creating cyber secure humans isn’t complete with one slide deck, a few e-learning modules, or a short burst of ‘training’.
What do we mean by cyber secure humans?
Well, that we know about our digital selves and take our digital security as seriously as we do our home and car security. We know the local rules of the road when we get our driver’s license, and we (should!) know enough about how a car works and what to do (or who to go to for help, like a mechanic, when something goes wrong). We know to lock it when we go out, to install layers of security when needed, and to always keep an eye on our surroundings. That’s what we are really after here at The Cybermaniacs: to help as many people as we can to take charge, take responsibility, and be engaged with digital safety. (We can wax rhapsodic on this for hours, sorry, moving on).
Most of what is listed here in the FREEBIES are tasters; a comprehensive program ticking all your boxes will come at a price but will save you oodles of cash by developing a secure workforce, who are savvy and know their roles, responsibilities and how to report their suspicions.
Thinking longer-term, and not just about what will get you through the next audit, means:
- You will need to continue to educate, adapt, and motivate your team to keep skills sharp and stay up to date with the latest changes in tech and risk.
- You will have to get past the basics, and soon.
- Only covering one or two risk or tech-based topics, like phishing alone, can leave gaping holes that cybercriminals are happy to walk on through.
Securing humans provides an extra level and line of defence for your company against cybercriminals and digital errors of all kinds. Remember, MOST data breaches rely on human error, action or activity. Can you afford to not secure your humans through a shoestring awareness program?
Don’t let budget be a barrier to an awareness program; free is better than nothing at all, with the caveat that it won’t meet many important requirements.