A Best Practices Guide for Comprehensive Employee Awareness Programs
By MediaPro
()
About this ebook
With 20-plus years in the adult learning and employee awareness business, MediaPro has ample experience in helping organizations teach their employees. In this guide, we’ve tapped some of our best talent to explain some time-tested best practices for running employee awareness programs in cybersecurity and privacy. We believe that if you’re going to really change behavior within your organization, you’ve got to do four things: Analyze, Plan, Train, and Reinforce. These are the core components of our Adaptive Awareness Framework, a vision for how you can build an effective employee awareness program. Each one of the four chapters in our Best Practices Guide for Comprehensive Employee Awareness Programs is devoted to one of these components:
•Chapter 1 Analyze: Using Data to Inform Your Awareness Program
•Chapter 2 Plan: Creating a Roadmap for Your Awareness Program
•Chapter 3 Train: Building Training that Achieves Real Behavior Change
•Chapter 4 Reinforce: Battling the Forgetting Curve
Through our focus on proven adult learning principles and award-winning training experiences, MediaPro has helped enterprises of all kinds improve the professional performance of their people. We’re passionate about our work in adult learning, and it shows in the quality of our courses, the delight of our clients, and in our industry recognition.
MediaPro
MediaPro is a learning services company that specializes in the areas of information security, data privacy, compliance, and custom online courseware. We deliver the high-quality learning experiences that grow knowledge, change behavior, and support cultural change. Our clients can be found in most every industry and include Fortune 500 brands, SMB’s, and government entities. We’re passionate about our work in adult learning, and it shows in the quality of our courses, the delight of our clients, and in our many industry awards.
Related to A Best Practices Guide for Comprehensive Employee Awareness Programs
Related ebooks
Data Privacy: What Enterprises Need to Know? Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Mindset: Cultivating a Culture of Vigilance Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsThe Psychology of Information Security: Resolving conflicts between security compliance and human behaviour Rating: 5 out of 5 stars5/5The Human Fix to Human Risk: 5 Steps to Fostering a Culture of Cyber Security Awareness Rating: 0 out of 5 stars0 ratingsCan. Trust. Will.: Hiring for the Human Element in the New Age of Cybersecurity Rating: 5 out of 5 stars5/57 Rules To Become Exceptional At Cyber Security Rating: 5 out of 5 stars5/5Data Breach Preparation and Response: Breaches are Certain, Impact is Not Rating: 0 out of 5 stars0 ratingsCrash Course Data Security Rating: 0 out of 5 stars0 ratingsBusiness Practical Security Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Mindset: A Virtual and Transformational Thinking Mode Rating: 0 out of 5 stars0 ratingsCyber Resilience: Defence-in-depth principles Rating: 0 out of 5 stars0 ratingsTrends In Cybersecurity: The Insider To Insider Risks Rating: 0 out of 5 stars0 ratings8 Steps to Better Security: A Simple Cyber Resilience Guide for Business Rating: 0 out of 5 stars0 ratingsCyber Intelligence-Driven Risk: How to Build and Use Cyber Intelligence for Business Risk Decisions Rating: 0 out of 5 stars0 ratingsSelling Information Security to the Board: A Primer Rating: 0 out of 5 stars0 ratingsModern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization Rating: 0 out of 5 stars0 ratingsCompTIA CySA+ Certification The Ultimate Study Guide to Practice Questions With Answers and Master the Cybersecurity Analyst Exam Rating: 0 out of 5 stars0 ratingsHampering the Human Hacker and the Threat of Social Engineering Rating: 0 out of 5 stars0 ratingsIT Induction and Information Security Awareness: A Pocket Guide Rating: 0 out of 5 stars0 ratingsMobile Computing: Securing your workforce Rating: 0 out of 5 stars0 ratingsThe Future and Opportunities of Cybersecurity in the Workforce Rating: 3 out of 5 stars3/5OSINT Cracking Tools: Maltego, Shodan, Aircrack-Ng, Recon-Ng Rating: 0 out of 5 stars0 ratingsManaging Cybersecurity: A Project Management Approach Rating: 0 out of 5 stars0 ratingsInformation Security Governance: A Practical Development and Implementation Approach Rating: 0 out of 5 stars0 ratings7 Rules to Influence Behaviour and Win at Cyber Security Awareness Rating: 5 out of 5 stars5/5Cybersecurity for Small Businesses and Nonprofits Rating: 0 out of 5 stars0 ratingsInformation Gathering Rating: 0 out of 5 stars0 ratingsSoftware Security For You Rating: 0 out of 5 stars0 ratings
Security For You
CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5How I Rob Banks: And Other Such Places Rating: 0 out of 5 stars0 ratingsCodes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsRemote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5Ethical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5Blockchain Basics: A Non-Technical Introduction in 25 Steps Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5
Reviews for A Best Practices Guide for Comprehensive Employee Awareness Programs
0 ratings0 reviews
Book preview
A Best Practices Guide for Comprehensive Employee Awareness Programs - MediaPro
A Best Practices Guide for Comprehensive Employee Awareness Programs
Edited by Tom Pendergast, Jeremy Schwartz, and Laura Lanning, with an introduction by Steve Conrad
Text copyright © 2016 MediaPro Holdings LLC
All rights reserved
Table of Contents
Introduction
Meet the Authors
Chapter 1: Analyze
Chapter 2: Plan
Chapter 3: Train
Chapter 4: Reinforce
Epilogue: How You’ll Know it Works
Bibliography
Introduction
Today, security and privacy professionals find themselves in an enviable position. Global trends—from always-on connectivity to cloud computing to rising concerns for privacy and associated privacy regulation—have elevated the importance of both security and privacy personnel within all organizations, in both the public and private sector. Professionals in these fields have a voice at the upper levels of decision-making like never before, and the job market reflects intense demands for people skilled in these areas.
There is a dark side to this story, of course. Cybercriminals recognize the possibility for riches in the flow of information that makes the global economy go around, and they are coming after your data with ever-increasing tenacity. As you know, technological advances have helped tighten and control many security and privacy risks. However, because these technologies have improved so much in recent years, cyber attackers have shifted their focus to the ever-vulnerable human. While you can build a wall of technical protections around systems and information, it is ultimately the actions and behaviors of your people that will determine just how secure your data, and ultimately your bottom line, really are.
Our own 2016 survey of more than 1,000 employees across the United States revealed that 88 % lack the awareness to stop preventable cyber incidents.¹ Broader, industry-wide research paints the same picture. The 2016 Verizon Enterprises Data Breach Investigation Report, for example, found that 30% of phishing emails were opened in 2015; up from 24% the year before.² And falling for scam emails is just a sampling of the dangers posed by employees lacking security or privacy awareness. A 2016 CompTIA report titled International Trends in Cybersecurity found that human error accounts for more than 50% of security breaches.³ Enterprises face threats that compromise the security of critical information due to unintentionally risky behavior from employees with poor privacy and security hygiene. Left unchecked, these employees are putting their companies at serious risk of material loss due to a data breach or other cyber incident. The danger of sensitive client or customer data compromised by a data breach threatens organizations of all sizes and industries. Year after year, massive breaches affecting millions of people continue to make headlines. Reports of lost revenue, lost customers, and lost reputation often follow.
Consider the analogy of a bank vault. No matter how much money may have been spent on construction and installation of this safeguard, it proves useless if it is left unsecure. The same is true in the security and privacy spaces. A vault is only as strong as its keepers. The keepers must know to properly close and