What to do when end users do not complete cybersecurity training


Employees in your organization are required to complete some form of cybersecurity training once a year, which can include a short online course, training videos, and a test to wrap it all up.

Whether this training model is adequate in today’s cyber climate is another question, but what if employees don’t even take this rudimentary training seriously?

Cyberattacks are increasing in frequency and sophistication, and ransomware is on the rise. According to a recent report from SonicWall, ransomware attacks increased by 151% in the first half of 2021.

There are several things you can do from a leadership, technical and human resources perspective.

Enlist executives and/or managers to ensure compliance

The best way to get buy-in from the whole organization is to enlist help from the top. Depending on the size of the business, getting every end user to comply with your cybersecurity policies and complete the training you have chosen for the organization may be too much to ask of IT.

Instead, consider enlisting business leaders who can help you get your message out and demand that their employees take cybersecurity training and awareness seriously. It should start with business executives who are aware of the costs associated with recovering from a cyberattack, but IT administrators should also consider enlisting the help of the human resources department, which can help make this a priority, just like harassment or OSHA compliance.


Report non-compliance to management

Once you have leaders' buy-in on the importance of cybersecurity awareness, they will be more willing to support your preferred method of discipline for not completing the training. Or, they will impose their own punishment.

You can send regular compliance reports to executives or managers that specify who has taken the training and who has not. That way, the employees' direct supervisor, rather than the rarely seen IT administrator, is the one threatening disciplinary action.

Restrict access until training is completed

Unfortunately, there can still be employees who ignore the threats lurking in cyberspace or who don’t feel like cybersecurity applies to them. Of course, they are wrong.

If employees are still not complying after multiple email warnings to complete training, turn off their access to email or other applications until they complete the training. Until the user has completed the training and is aware of new computer security threats, their use of company networks is a liability.

This is a drastic step, and you will need the support of management and HR to implement it.

