October is Security Awareness Month, but security awareness isn’t something to be done once a year. Ongoing security awareness is the best way to change behaviors and improve your organization’s overall security mindset.
We suggest three types of training for your security program; together they also meet the requirements of most IT security compliance standards.
Annual/new-hire training provides general instruction for workforce members on standards such as HIPAA, PCI or privacy laws. This training should cover an extensive list of content and give specific instruction on the organization’s policies. It needs to include a simple test, be documented, and have its records retained for at least 6 years, depending on the standard.
Security awareness training, such as the one below, should be performed periodically. It can be in any format, and individual training sessions don’t need to be documented; just keep a list of what was disseminated and how. In our experience, messages that are fun, colorful and quick to read are the best at getting employees to read them and, ultimately, at changing behaviors.
The security team needs formal training every year, not just to keep their certifications current but to give them the tools to keep your security program up to date and ready to meet new challenges. An old boss of mine, when asked about spending money on training, “Aren’t you afraid they’ll take the training and get a different job?”, replied, “No, I’m afraid I won’t train them and they’ll stay.”
Download a PDF for distribution to your team – October Security Awareness 2021