I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. “You” are hard to scale. That fact is why KnowBe4’s 1,000+ pieces of training content in the Mod Store are so popular in the first place. It’s got tons of content; much of it different than anything else next to it.
People learn differently, and there is for sure some style of content…a lot of content…in our Mod Store that appeals to everyone. We’ve got serious videos, funny videos, Netflix-style episodic seasons, cartoons, games, posters, webinars, blog posts, ebooks, and a ton of tools…all trying to drive home security awareness training (SAT) in a way that influences people’s behaviors. And it can all be easily automated in a hands-off way that requires very limited time and involvement. That’s why people choose KnowBe4.
We are also big fans of local SAT experts using stories and local experience to help drive that SAT education home. When end users see local people caring and evangelizing SAT, it helps the lessons to sink in more than for someone who is “forced” to watch a training video once a year. But we also realize that most organizations don’t have the time or resources to have one person or team develop those one-on-one relationships, especially in larger organizations. That’s where having a team of volunteer proactive security awareness advocates can help.
I’ve worked with more than a few entities which create special programs to leverage good content and local people to spread the message and improve the culture. The programs have different names (i.e., Security Guardians, Sentinels, etc.), but they all invite volunteers to help educate everyone else in some small way. I’m a big fan of them and I think any size organization can benefit.
Start by creating a cool name. You want it to be catchy, but not kitschy. Then invite anyone to volunteer to be a part of it. Let them know that it is a low time commitment and that they can be involved in any way that they like. Create some team swag, like a t-shirt or some other little gift with the team’s name or logo. Then tell them to that all they need to do is spread a little proactive security awareness around the company. Perhaps you give them access to more SAT content; but let them decide how to help spread the message. It doesn’t have to be anything formal. It can be nothing more than them proactively telling others what to look out for when opening emails, hanging one of our social engineering red flag posters around in the office area, or discussing a recent phishing email and the red flags they saw that made them realize it was a real phishing, and what they did with it.
Here’s a little secret. When you recruit these advocates, you are not only helping to spread the word, but these advocates will become better trained and be more likely to not get fooled by phishing and social engineering scams. It’s going to make your SAT success rate higher. Nothing helps drive home a message than teaching it to someone else, and so on.
Your SAT advocates can create little contests within their own small circle, which offers monthly prizes, such as a free pizza party celebration if no one gets successfully phished for a month. They can invite others to share how they accidentally fell for a particular real-life phish and what they did after it happened. They can share SAT content, like our social engineering red flags poster, or anything else that they found help. They can recommend particular videos, like our excitingly different “The Inside Man” series. They can do anything they think will help influence the organization’s security culture in a positive way.
We are all trying to fight a common foe – social engineering and phishing. It’s responsible for 70% to 90% of all successful breaches. No other root cause of cybersecurity incidents is close. We need all hands on deck. You need great security awareness training content. Check! Now, get some volunteers to help spread the message across your culture to help the lessons to stick a bit more. It’s win-win for most organizations.