[INFOGRAPHIC] How to Run a Successful Security Awareness Training Program

Critical components of a successful security awareness program:

  • Use good, high quality content that’s highly relevant to your users
  • Reinforce the training with regular simulated phishing attacks
  • Stay current with what is happening in real phishing attacks - mirror the topics and methods used by cybercriminals

How to motivate your users to do their training on time:

  • Lead with a carrot, not a stick! Reward users upon completion (could be a sticker, certificate, raffling off a gift card, etc.)
  • Make it a game and create healthy competition between departments or other groups
  • Get your leadership involved publicly - make sure it’s well known and seen. It will make the rest of the organization want to follow in their footsteps

How to gain and maintain executive support for your security awareness program:

  • Speak their language: Don’t get too technical, and tie it to business objectives (risk, reputation, business benefits, profit and loss impact, etc.)
  • Address the “why” and how does it help your organization be more successful
  • Talk about cybersecurity in the news, how it was a result of human error, and how this program will help to mitigate human error

How to measure the benefits of a successful security awareness program:

  • Track metrics like the phish-prone percentage of your organization or number of phishing emails reported over time
  • Conduct surveys with different stakeholders to gauge their perception of the program’s success
  • Whatever you use to measure success, make sure it is defined, agreed upon and tracked

How to develop a stronger security awareness culture over time:

  • Evaluate your organization against the 7 dimensions of security culture, and measure it against your industry’s benchmarks (we have done studies on this!)
  • Tie your security culture into your overall organizational culture so the two are not at odds
  • Understand that there is no fast track to a good security culture - by consistently following the advice above, you will develop a strong security awareness culture over time

We hope these tips can help you implement new-school security awareness training for your users. Make sure you’re prepared for Cybersecurity Awareness Month and beyond!
Click here to download the full infographic (PDF).


Privacy Policy | Terms of Service