How to Stop Employees from Taking the Bait

The average ransomware payment in 2020 topped $150k, and the volume of attacks is rising dramatically.

Online criminals have become experts at social engineering attacks by tricking employees to click on malicious links. IT teams have put an emphasis on security especially with the rise of remote work. However, the most important thing any leader can do is educate employees on cybersecurity risks. In Gartner’s latest ebook, they address three common challenges to building a defensible awareness program and how to build a better organizational defense.

1. Develop a list of signature behaviors: To begin, your IT team should create a list of signature behaviors and processes to set guidance for the organization. For example:

• If the desired practice is for employees to use a strong password, make the signature behavior to use pass-phrases to construct passwords.
• If the desired practice is for employees to resist social engineering, then the signature behavior should be to immediately report suspicious emails.
• If the desired practice is for employees to protect sensitive information, then the signature behavior should be to protect approved file transfer solutions.

2. Measure outcomes, not activities: Next, you should focus on measuring outcomes of behaviors instead of the activities. For example:

• If the activity metric is tracking the number of phishing simulations, then the behavior outcome metric would be to track phishing simulation click rate.
• Instead of tracking the number of training modules created, IT teams should focus on the average phish report rate.

3. Connect awareness to business benefits: IT teams need to link how specific training and knowledge acquired relates to behavioral change and how it affects the business. Link the security priorities to business priorities. For example:

• Awareness Training leads to employees being better able to identify suspicious emails which lowers the number of incidents and reduces costs for the business.

Stay up-to-late on the latest employee awareness practices to keep your organization safe!