Identify security champions across the business who will support the SAT program as an extension of the security team.
Ensure the security team can respond instantly to any risky behavior an employee displays on the network. That way, employees learn at the point of occurrence and will reconsider their behavior the next time.
Deliver additional formal training to staff who need assistance based on the results of cyber knowledge assessments and phishing simulations. There’s no need to give blanket training to every staff member.
Conduct at least quarterly phishing simulations to help staff learn what a real attack looks like and what to do if they receive such messages.
Spot when employees download free software and explain right there and then that this contravenes company policy and why it’s risky.
Explain to staff, as and when it happens, why they should not save data to cloud file-sharing apps.
Advise employees, before it's too late, why they should not access Tor networks.
During onboarding, offer new staff automated essential training and education to help prevent future risky behavior. This saves people's time because in-person sessions are no longer needed.