http://www.mediapro.com

It’s A Scary World Out ThereThe threats to cybersecurity and data privacy are definitely scary enough to keep you up at night. Not only do the threats just keep coming, the landscape itself is continually changing….

Not long ago, you only had to deal with “Nigerian Prince” email scams. Today, you’re getting pounded with shrewdly crafted phishing emails directed right at privileged users and “Account Compromised” alerts that deliver some of the nastiest malware yet conceived (like ransomware).

It only takes one successfully phished employee to compromise your entire network, potentially exposing the private, sensitive data of all your clients.

Cybercriminals are targeting the most difficult vulnerability to protect: your employees.

That’s right: social engineering was the #1 attack vector in 2015, according to a ProofPoint report.

Here’s the scariest thing:

Employee Awareness Programs are the TicketBut don’t despair: behind statistics like these, there is hope. Humans may be at the center of the problem, but it is a problem that can be solved.

(We hope we don’t surprise you when we say employee awareness programs are a vital part of any cybersecurity or data privacy strategy)

76% less is spent on cyberattacks when employees are trained, according to a PriceWaterhouseCoopers report.

But Not Just Any Awareness Program

Getting awareness right is difficult:

Only 50% of the companies surveyedin a Ponemon Institute report agreed their current employee training actually reduced noncompliant behaviors.

Perhaps that’s because so many

companies—43%—offer a one-size-fits-all approach for employee training.

One-Size-Fits-All is Not the AnswerLong story short:

Relevant > One Size Fits AllLearning theorist John Keller’s ARCS learning model (attention, relevance, confidence, and satisfaction) highlights the importance of relevance for adult learners.

He shows us that employees accept the information in new training when they can see how it relates to their interests, job role, and personal objectives.

To put it more simply: when it’s relevant, learning sticks; when it’s not, you’re wasting your time.

Role-Based Training = RelevantSo what does it take to be relevant? We see the most relevant experience or your employees coming from a role-based approach.

Role-based cybersecurity or privacy training allows employees in different roles, such as human resources and IT, to receive education tailored just for their specialties.

Here are three good reasons to implement it:

Reason #1Right Content

To the Right People

In a modern organization, we all have a part to play in the grand scheme of cybersecurity or data privacy. But what your employees need to know to play their parts differs greatly by job role. Make your training reflect these differences.

IT employees don’t need to know about safeguarding conversations with potential hires, but do need to be well-versed in preventing unauthorized data access and use. Similarly, HR staff don’t need to be bothered with education on PKI certificates, though protecting sensitive employee information is exactly in their wheelhouse.

With role-based training, all this is possible.

Reason #2Speaking Their Language

Tone is crucial when addressing your organization’s people.

That’s why communicating security and privacy best practices to the C-suite (yes, they need training too), for example, should use different language and different examples than training for rank-and-file employees.

Framing education in the way the makes the most sense for each of your organization’s departments will help each department member apply those lessons to their everyday work lives.

Role-based training allows you to not only target the right topics to the right employees, but the right messaging as well.

Reason #3Save Your Employees Time

(And Your Organization Money)

Role-based training ensures your employees only get trained on the content they need, without time wasted on content that’s not relevant to them. They appreciate getting training that matters— and you appreciate that they have more time to focus on productive work.

A role-based approach means less training time for each person—and that means you get the best bang for your training buck.

To Sum UpYour employees are a vital part of your cybersecurity or data privacy strategy.

Employee security and privacy programs are essential, but need to be done right.

Training content is most impactful when it’s relevant, and a role-based approach lets you deliver exactly the content your employees need, without wasting their time on lessons they don’t need to learn.

Now What?Find out how MediaPro’s role-based training can bring your employees the most relevant learning possible.

While you’re at it, check out other ways to boost your awareness program, like phishing simulations, knowledge assessment surveys, and training reinforcement content (such as animated videos and games).

Contact Us Today