For businesses that manage sensitive data, whether medical, financial or otherwise, the necessity for robust cybersecurity cannot be overstated. Clarissa Banks, Chief Information Security Officer at Deluxe, recently shared how her team works to keep the organization safe, secure, educated and engaged, while having fun along the way.
Keys to effective cybersecurity training
Enhancing your organization's security posture requires a multifaceted approach, combining engaging training, positive reinforcement, practical tips, awareness of emerging threats and advanced security practices. But for implementation to be effective, security measures must integrate seamlessly into employees’ lives.
“The idea here is not to create a burden, but to build it in as normal practices,” shared Banks at an early 2024 conference. “Like locking your door, locking your car, those things are ingrained... part of our security training program is making it seamless and integrated so that [good security practices] are ingrained.”
Here are a few ways Banks shared that help Deluxe maintain its own robust security posture through trainings:
1. Marketing-centric approach
Strengthening your organization’s “human firewall” requires more than traditional training methods, which are often seen as dull (and thus, ineffective). For cybersecurity training to be impactful, focus on fun, engaging tactics.
“One of the things that we did was a play on my name – Clarissa,” Banks shared. “If you remember back in the nineties, there’s a show called ‘Clarissa Explains It All,’ and we had a really fun campaign [developed around] that.” From dressing up in 90s-centric gear to videos and activities based on the TV show, Banks’ team developed an entire campaign for Cybersecurity Awareness Month to make training more fun and resounding.
2. Gamification
Banks’ team also puts out monthly phishing simulations based on current news to help employees relate real-world scenarios to cybersecurity, improving their detection skills.
“We use recent news articles and topics to trigger people's memory,” Banks explained, noting how this connection to real-world events encourages good practice in detecting phishing emails. By keeping the training dynamic and relatable, employees are more likely to engage and retain crucial information.
3. No “gotcha” moments
Encouraging proactive participation in security practices through positive reinforcement is far more effective than punitive measures.
“Punishment is not a preferred way to incentivize folks,” explained Banks. Instead of punishment, use rewards, such as a ‘wall of fame’ that highlights departments that excel in spotting and reporting phishing.
“It’s an ongoing incentive to be a good cyber citizen,” Banks said. This approach fosters a culture of enthusiasm and accountability around cybersecurity. Recognizing and rewarding good security practices encourages ongoing engagement and commitment.
4. Consistent communication
Effective, ongoing communication is key to keeping security messages fresh and engaging. Banks’ team utilizes various methods of communicating, including emails, chats, and in-person sessions. She’s not afraid to branch out into more creative formats to deliver security messages, too.
“Another example I've done before is rap videos,” Banks shared. “It’s a very non-traditional concept, but for various audiences, it tends to resonate.” Tailoring the delivery to resonate with different audiences within the organization ensures that everyone can relate and stay engaged.
5. Awareness of emerging threats
Staying aware of recent cybersecurity trends is another good defense. A recent example of these trends is the increasing use of generative AI to bypass security measures and create convincing phishing attacks. Employees should be vigilant about external emails, carefully checking sender details and being cautious with unexpected requests or links. Regular updates on emerging threats help maintain an elevated level of awareness and preparedness.
6. Encourage good security habits at work and home
Simple yet effective security practices are essential for protecting both personal and corporate accounts. Here are some key tips Banks shared:
- Use a password management tool. Avoid password reuse by using password management tools like LastPass or 1Password.
- Longer is better. Create strong, unique passwords for each site, with passwords being 16 or more characters long. If you struggle with this, Banks suggests adding the site name the password applies to into the password itself.
- Enable Multi-Factor Authentication (MFA). MFA is crucial for securing accounts, providing an extra layer of protection.
- Complete phone updates as soon as possible. Software updates generally involve increased security measures or security fixes, so keep devices updated to safeguard against vulnerabilities.
- Be smart when using public Wi-Fi. Use VPNs on public Wi-Fi to ensure secure communications. Only visit websites that begin with “https,” and turn off sharing settings for files, devices and public folders.
These practices are fundamental and can significantly reduce the risk of security breaches.
Key takeaways
Organizations can strengthen their “human firewall” through fun, interactive activities that encourage healthy security practices through positive reinforcement. This high-engagement strategy promotes better retention rates, and positions cybersecurity as a habit rather than a chore.
By integrating these strategies, organizations can create a comprehensive and engaging cybersecurity program. This not only enhances the overall security posture but also fosters a culture of proactive security awareness throughout the organization. As the cybersecurity landscape continues to evolve, staying ahead with innovative and effective practices will be key to safeguarding your organization's assets, data and privacy.