When you think of security awareness training in the business, the first thing that likely comes to mind is simulated phishing exercises that lure employees into clicking on what they shouldn’t. But if that’s the only thing that comes to mind, you’re missing the point.
While your approach to awareness doesn’t have to be complex, and really shouldn’t be, it’s more about cultivating a culture, and in order to do that, you’ll have to think outside of the box.
The posters in the break room approach have zero impact, but if you couple that with active, on-demand, pertinent and relevant actions, employees will remember it, says William Malik, Vice President of infrastructure strategies at Trend Micro.
“If your people are doing the right thing, they’ll make security work,” Malik told InfoSec Insider during a video interview shot at the RSA Conference. “Getting the culture right is everything.”
In the full video interview below, Malik shares his take on what simplicity looks like when it comes to cybersecurity awareness training in the business.