Building a Security Awareness Program to Help Defend Against Cyber Extortion and Ransomware

Issue link: https://insights.oneneck.com/i/1476867


Final Thoughts & Best Practices

There are some best practices which we have picked up over the years that help when embarking on a security awareness and culture campaign:

1. Do not manage what you cannot measure. Create a baseline view of your current awareness status by running a proficiency or security culture assessment and track it every 12 months. This will allow you to showcase improvements. Phish-prone Percentage™ (PPP) can help as a tracking metric, but it can be manipulated by changing phish sophistication levels, so it needs to be reported in context.

2. Involve your executives. Executive involvement goes beyond sponsorship or budget approval for the campaign. Your executives should be the face of your campaign; people look at what their leaders are doing.

3. Do not do it alone. Work with your marketing, internal communications, HR and compliance teams, amongst others, to gain input and approval for your campaign plan.

4. Combine training with frequent phishing simulations. Doing quarterly phishing is not enough. Everyone in the company should get a randomly assigned phish every week (or as often as your corporate culture will tolerate, at least monthly). This gamifies the experience, as every email needs to be scrutinized. Create targeted or customized phishing emails for your privileged users.

5. Remediation training for frequent clickers. Provide in-depth remediation training for frequent-clicker groups, assigned automatically once a pre-set number of "clicks" is reached. This ensures training is targeted at the people who need it.

Suggested cyber extortion awareness campaign plan

By applying BJ Fogg's behavior design model, considering the top exploit causes as well as the best practice points listed above, your cyber extortion awareness campaign becomes more targeted and effective. If you are already a KnowBe4 customer, please speak to your Customer Success Manager for guidance around relevant training modules.
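Points 1 and 5 above amount to a small reporting pipeline: compute the Phish-prone Percentage, break it out by phish sophistication so a change in difficulty cannot quietly move the headline number, and flag users whose click count has crossed the remediation threshold. The script below is an added illustration, not KnowBe4's code or the guide's own material; the four users, three campaigns, the 1-to-5 sophistication scale and the click threshold are all constructed for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PhishResult:
    """One user's outcome in one simulated phishing campaign."""
    user: str
    campaign: str
    sophistication: int  # assumed scale: 1 (obvious) .. 5 (highly targeted)
    clicked: bool


# Constructed sample data: three weekly simulations sent to four users.
RESULTS = [
    PhishResult("alice", "w01-baseline", 2, True),
    PhishResult("bob",   "w01-baseline", 2, True),
    PhishResult("carol", "w01-baseline", 2, False),
    PhishResult("dave",  "w01-baseline", 2, False),
    PhishResult("alice", "w02-invoice",  4, True),
    PhishResult("bob",   "w02-invoice",  4, False),
    PhishResult("carol", "w02-invoice",  4, False),
    PhishResult("dave",  "w02-invoice",  4, False),
    PhishResult("alice", "w03-password", 2, True),
    PhishResult("bob",   "w03-password", 2, True),
    PhishResult("carol", "w03-password", 2, False),
    PhishResult("dave",  "w03-password", 2, False),
]


def phish_prone_percentage(results):
    """PPP = recipients who clicked / recipients, as a percentage rounded to 1 dp."""
    if not results:
        return 0.0
    clicks = sum(1 for r in results if r.clicked)
    return round(100.0 * clicks / len(results), 1)


def ppp_by_sophistication(results):
    """PPP per sophistication level. Reporting this alongside the overall
    figure exposes a PPP 'improvement' that only reflects easier phishes."""
    buckets = defaultdict(list)
    for r in results:
        buckets[r.sophistication].append(r)
    return {level: phish_prone_percentage(rs) for level, rs in sorted(buckets.items())}


def campaign_report(results):
    """(campaign, sophistication, PPP) per campaign, sorted by campaign name."""
    buckets = defaultdict(list)
    for r in results:
        buckets[r.campaign].append(r)
    return [
        (name, rs[0].sophistication, phish_prone_percentage(rs))
        for name, rs in sorted(buckets.items())
    ]


def frequent_clickers(results, threshold):
    """Users whose click count has reached `threshold` and should be
    auto-assigned remediation training, most clicks first, then by name."""
    clicks = Counter(r.user for r in results if r.clicked)
    hits = [(u, n) for u, n in clicks.items() if n >= threshold]
    return [u for u, _ in sorted(hits, key=lambda x: (-x[1], x[0]))]


if __name__ == "__main__":
    print("Overall PPP:", phish_prone_percentage(RESULTS))
    print("PPP by sophistication:", ppp_by_sophistication(RESULTS))
    for name, level, ppp in campaign_report(RESULTS):
        print(f"{name}: sophistication {level}, PPP {ppp}%")
    print("Remediation list (>=2 clicks):", frequent_clickers(RESULTS, 2))
```

On the sample data the overall PPP is 41.7%, but split by level it is 50.0% for the two easy phishes and 25.0% for the targeted invoice lure; a baseline report that carries only the first number would read very differently from one that carries all three. The same records feed the remediation list, so the threshold in point 5 is applied to the same measurements used in point 1.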
