"Changing Employee Behavior From The Unpredictable To The Secure!"
The CFISA course is a unique approach to security awareness training, blending security best practices and customer-specific security policies with behavioral psychology, compelling storytelling, and rich interactive media.
Our training focuses on ways to improve employee security awareness and related behavior so that security policies are understood and embraced. The lessons will address the security challenges that are relevant to your environment including the risk associated to non-compliance of policies and the insider threat threat.
All lessons provide common sense explanations of the reasons behind the policies and procedures, increasing employee buy-in.
The course is based on five fundamental principles:
- In order for security awareness to work, ideally most or all of the time, “thinking security” must become instinctive, and as second nature as being polite to customers.
- In order for employees to start behaving securely, their current behavior must be modified or security rules will never work.
- For behavior to become instinctive employees must change their attitude to and perception of both the challenge and the outcome.
- In order to modify security behavior, employees must feel a relevant, personal, and direct connection to the outcome.
- Training must be packaged properly to achieve that outcome.
We believe that employee security awareness continues to fail for the following reasons:
- Most organizations still don’t have a culture of security, or "security saturation," thus leaving awareness training to survive in isolation.
- Training is rarely frequent enough to have any effect on behavioral change.
- Trainers usually focus on enforcing rules, not changing behavior.
- Most security trainers are poor and unconvincing communicators.
How we apply these principles:
The first part of the course focuses on the behavior challenges; helping employees make a personal connection with cybercrime and workplace security; understanding who commits these crimes and what their motives are; understanding why exploiting predictable employee behavior is critical to committing these crimes; and why modifying personal behavior can be so powerful in preventing these crimes.
The second part of the course then focuses on the rules, and how they contribute to behavioral change and better workplace security. It addresses all the key security vulnerabilities, including web and e-mail use, passwords, data classification and protection, social engineering, preventing computer viruses and spam, security outside the office, personal workspace security, acceptable use of electronic resources and more.