When conducting an ongoing training program for security to your employees, make sure to remember these tips.
Ongoing Training Program Tips
Know what you want to happen.
When designing your ongoing training program, the first step is to identify what you want to happen as a result of the program. This helps focus your efforts and makes it easier to measure success when you’re done.
For example:
- You may want people to follow security policies and procedures more closely;
- You may want people to understand the risks they face in their everyday work and how they can work to reduce those risks;
- or You may want people to improve their security awareness over time so they become more aware over time.
Know how you will measure success.
After identifying what you want to happen as a result of your ongoing training, identify how you will measure success.
For example:
- You can use surveys or other forms of assessment that gauge how well people understand security principles, policies, and procedures before and after the program;
- or You can use assessments that look at specific behaviors before and after the program — like following security policies and procedures — and see whether people are doing them better after getting through your program.
Whatever form of assessment you choose, make sure it’s based on actual behaviors — not just on knowledge or beliefs)
Know what your baseline is.
Start by establishing a baseline of what you will measure before you begin your program. This can be a good way to see how people are doing in general when it comes to security awareness. You can then see how much progress people make from that baseline after going through the program. (If you don’t know what your baseline is, go back to step one.)
Determine How You Will Deliver the Training
Once you’ve considered the above steps to designing an ongoing training program, it’s time to determine how you will deliver that training.
Ongoing training can be delivered in many different ways — some more effective than others — so your next decision is choosing the delivery method that works best for your program and your organization. Some of the most common delivery methods include:
Ongoing training messages delivered by:
- email or via a computer portal (or both)
- mobile devices such as smartphones or tablets (or both)
- webinars, video recordings, or live sessions
- in person as part of a large event
Factors to Consider in Choosing a Method
The method you choose will depend on several factors, including:
- People who are responsible for delivering the ongoing training should understand why it’s important. They should understand what they must do and how they should do it to ensure success for everyone involved.
- They should also be provided with tools and resources to help them do their jobs effectively.
As important as ongoing training is for security awareness, if people delivering the message aren’t prepared and ready to do their jobs well, then the best-designed program won’t get off on the right foot.