One of the best ways to reduce security risks is to help end users understand how to spot and avoid the threats they face. A popular method of amping up user knowledge (whether it’s for security, company policies, or IT in general) is to host a quarterly or biannual training. This lets you coach users on things that will make them more capable, more cautious users.
Here’s how to create and execute effective trainings.
Start by deciding exactly what you want your users to know. Maybe you’ve had trouble with phishing emails and you want to help users spot them. Maybe scammers hit you with a social engineering scam and you want to make sure people in the company understand protocol so they don’t make costly mistakes. Whatever the case, pick a subject (or even a few) that will have an impact on keeping things more secure, or preventing various issues.
Create an Outline
Next, build an outline to guide you as you build the presentation. Include an introduction that explains the topic, relevant sections of the lesson, and a question and answer section at the end. As you build this, consider whether there are supplemental materials (statistics, videos, photos, infographics, etc.) that can help support your discussion and make the lesson more memorable and authoritative. As an example, here’s an outline you might use for a presentation on phishing scams:
- Intro: What is Phishing?
  - Stats on frequency of phishing
  - Stats on yearly cost of phishing scams
- What happens if you click a phishing email?
- What do phishing emails look like?
  - Overview of common messages in phishing emails
  - Example images of phishing emails (including examples of very convincing ones)
- How do you spot a phishing email?
  - Be mindful of strange requests, odd language use, or peculiar formatting
  - Hover over links to check URLs
  - If in doubt, ask your IT team!
- What if you find a phishing email?
  - Inform IT of the message
- Q and A
Plan the Event
To maximize attendance, it’s wise to schedule your training a few weeks ahead of time and to garner the support of company executives so that employees understand how important their attendance is. If executives can make a training mandatory, all the better for you. As you plan the event, ensure that you have adequate space for attendees, the correct audio-visual equipment, and refreshments that might make your training seem as rewarding as it is educational. Send out an email invite to your training, and include a basic agenda so attendees know what to expect.
You have an outline and a schedule; now it’s time to create the presentation in time for your event. A simple slide deck is a perfect way to get your message across. Luckily, your outline should make the process simple. Each section of the outline can be a slide in the deck. All you need to do is list a few bullets, add relevant imagery, and think carefully about what you’ll say while the slide is on the screen. You may wish to prepare speaker’s notes you can rehearse as well. Your presentation doesn’t need to be perfectly polished, but it should be neat, straightforward, and free from typos and other errors. Remember, too, that you need to keep the attention of your audience for the duration of the presentation – don’t be afraid to use some style and humor to make your presentation compelling.
According to the Washington Post, speaking in front of others is the number one fear in the U.S. You may or may not be one of the 25.3 percent of people who fear public speaking, but if you are, there are some tips courtesy of the public speaking experts at Toastmasters that will help. Among their 90 tips for public speaking is “know your material.” Practice makes perfect, so be sure to review your presentation and practice before you get in front of your audience. Your ability to deliver a training with confidence and authority will make the content that much more impactful.
There’s a lot of work involved in hosting regular training presentations, but the work you put in is an investment in end-user knowledge that will pay off in the long run. If your anti-virus and spam filters ever fail, your users are your last line of defense. The more they know, the better allies they are in preventing security issues, various kinds of fraud, and so forth. Prevention efforts are a great way to ensure that a company has iron-clad security through its software, its policies, and its people.