In the old days, the way you took care of your car was to bring it to the dealership on a regular schedule for an oil change and inspection of its various systems. These days, you still have to bring the car in for oil changes (although they are far less frequent than they used to be), but the inspections have been largely supplanted by electronic diagnostics. The dealership technician hooks up a diagnostic tool to a port in the car and can see, at a glance, almost any lurking flaw or weakness.
Wouldn’t it be great if there were a diagnostic tool like that for employee cyber security preparedness?
I have said many times (most recently, here) that people are the most critical element in your security system. A strong firewall, effective anti-virus software, and thoughtful security policies are powerless to protect you if your employees are still opening and clicking on phishing emails. A more positive spin on the matter comes from Reuters.com, which noted that end-user awareness and training reduce security-related risks for organizations by 45% to 70%.
You can shore up the flaws and weaknesses in the human component of your security system through training. Anybody can learn the skills to recognize and resist threats as long as they get suitable training.
But there’s a risk whenever you go to purchase training, and it’s not just that you might get a bad batch of it. You must do your homework and match the training to the needs of the employees. Otherwise, you face one of two scenarios. Scenario one is when you train employees for skills they already have. This is a waste of whatever you spent on acquiring or developing the training. But it can also affect the morale of the employees, who can feel disrespected and undervalued because the organization believes they lack skills that they know they have.
Scenario two is even worse. That’s when you try to train people in a program for which they lack prerequisite knowledge or skills. They will likely find it impossible to grasp whatever training you are delivering, leading to failure and feelings of inadequacy. As I said a couple of weeks ago, a self-efficacy belief is fundamental to learning success.
This is why a diagnostic tool for employee cyber security preparedness would be so useful. Fortunately, we’ve got one.
We developed an assessment to provide our clients with a tool to determine the extent to which their employees can recognize and avoid cyber threats. Consisting of 15 questions designed to measure a person’s knowledge of how to detect and avoid cyber threats, the CyberSAFE Readiness Test is available to all organizations at no cost.
In the recent launch of this test, fewer than 10% of participants who took the test passed it. Most organizations are woefully underprepared for security threats. This tool can help you understand both how well prepared you are and what type of training you need to improve your preparation. It may not be quite as easy as plugging your organization into a diagnostic tool, but it has the potential to help protect you from cyber security threats, which makes it worth the effort to administer to your employees.
For more information about the CyberSAFE Readiness Test and to receive access to the test at no charge, please contact us at +1.801.561.8511 or firstname.lastname@example.org.