Cybersecurity Awareness Program Improvement

​

There are two diametrically-opposed camps when it comes to security training and awareness - those who say it's a waste of time and those who don't. While I haven't seen (or looked for) professional studies to support either side, I always ask doubters what they're talking about. And, the problem is both sides are right.

​

Will hanging 'change your password' flyers in your halls help stop an inevitable breach? Who knows - the answer is 'maybe' at best. But, while a public reminder about security is part of the overall security awareness program, it shouldn't be the only tool in the shed.

​

On the flip side, requiring all of your employees to obtain and maintain a security certification is probably not the best use of time and resources either - should your CEO have a CISSP? Probably not.

​

To have a worthwhile security awareness program, it should be:

Relevant to your threat environment

Relevant to your business goals

Inclusive and tiered

Reviewed and improved upon frequently

​

That last one is key because threats, technology, and business goals change (rather quickly sometimes).

​

Also worth noting: you cannot improve your security awareness activities without knowing your threat environment. That's who is out there, what do they want to steal from you, and how they're going get it. 

​

Please contact 3fold if your cybersecurity awareness and training program is getting stale - we'll help you revive it.

​

Situational / Custom Training

​

Sometimes research and FAQ hunting isn't enough and you need to talk to an expert. Whether you're trying to understand low-level security requirements, how to navigate a complex authorization process, or how to formulate a security strategy, 3fold can support virtual or in-person workshops and training sessions for small or large audiences. Try to stump us and give us a call.