The only email you might dread receiving more than your credit card statement is the notification to complete your agency’s latest required cyber training. In addition to these modules containing high-level information that goes over your head, they also might lack the pizazz or personal relevance a training about equity or leadership has.
For those who feel unmoved by cybersecurity training, understanding its importance can help you elevate your interest. And for agencies that issue these trainings, learning how to make cybersecurity engaging and applicable to all can improve the reception your course receives.
During a recent GovLoop training, government and industry experts shared their tips and best strategies for elevating cybersecurity trainings and elaborated the importance of modernized and accessible cybersecurity education for all employees.
Here are some insights to keep in mind regarding cybersecurity education, whether you’re the teacher or the student.
Agencies, stay relevant
Let’s be honest; we’re all a little selfish. If something does not seem to involve us, we lose interest in it. This carries into our professional development and learning style. When agencies build cybersecurity trainings, they need to emphasize why the information is relevant to the end user.
“People don’t engage in something unless there is a perceived or a real personal benefit,” said Seema Sewell, the director of Cyber Assurance & Security Architecture for Maricopa County. “The more we make things about them and how they can take what they learn home, the better engaged they’re going to be and the more they’re going to be paying attention.”
Sewell recommends using real world examples inside of trainings and cluing end users into what’s going on at the agency in terms of cyber. She also suggests incorporating employee training feedback when creating trainings and treating employees as subject matter experts; since they form the audience, they understand what content is appealing. This will help enliven training to their target audience.
“No training is good unless it’s fun,” said Sewell.
Let’s talk about trust…
In terms of cybersecurity, your agency does not trust you. But that’s a good thing. Just as external cyberthreats need to be monitored, so should all internal users. This idea is often referred to as zero trust.
“Zero trust, very simply put, starts from the basis of not trusting the endpoint or the user,” said Egon Rinderer, the Federal Chief Technology Officer and Global VP of Technology at Tanium.
As many cyberthreats occur internally, it isn’t smart for agencies to blindly trust all employees. With zero trust, checkpoints exist internally to prevent proprietary information from falling into the wrong hands. Sewell used the metaphor of living in a gated community, but still locking your door.
“We don’t want to give people rights to our systems and access that they don’t need,” said Michael Epley, Chief Architect for the Public Sector at Red Hat.
The beauty of zero trust is that it protects employees as well as the agencies. Giving employees access to extraneous information can overwhelm and create paranoia about accidentally compromising information that can hurt their company.
“No user should be capable of doing something accidentally that lands the company in the news,” said Rinderer.
Get on the same page
Employees need to understand that cybersecurity training is essential because, while they are assets to their workplaces, they can also be hindrances.
“Your workforce is not just your greatest risk, but they are your greatest resource,” said Sewell.
Employees must understand the importance of internal checks and balances and the danger of trusting every email in their inbox.
Agencies must incorporate end-user feedback, and when they make content more applicable to employees, their employees will retain the content better.
“We know that we’ve done things right when we’ve simplified things and it’s easy and automatic for people to understand and to actually implement and use,” said Epley.
If you want to learn about cybersecurity in a fun way, download GovLoop’s new guide, Your Cybersecurity Handbook.
This online training was sponsored by: