Turn your weakest link into your strongest security ally
IT and security professionals should remember that they are specialists in their field with additional training and expertise in managing computer systems. Just because end users in other departments aren’t up to your level doesn’t mean they are a lost cause. In fact, your non-technical end users are a critical piece of your security program, acting as your eyes and ears to spot threats early and sound the alarm.
The biggest challenge is getting them engaged and bought into the security program. While basic security awareness training on the latest threats and attacker techniques will always be important, the cookie-cutter videos and modules most companies use are usually seen more as a chore than a benefit.
A great way to flip the script and increase engagement is to take the time and tailor specific training for your audience that doesn’t just cover the “dos and don’ts” but also includes the “whys” and “hows.” Instead of telling your end users to watch out for vishing calls, create a quick demo using one of the popular AI models to deepfake one of your company’s executives (strictly for demo purposes) and show your users exactly how attackers are leveraging this technology to go after victims. Customized, topical security demo sessions like this have a better chance of making an impact and improving overall awareness of the latest threats. Plus, they’re pretty fun to run.
