Know Your Audience

Regular readers of this newsletter (thank you!) know I usually begin with a personal story – something in my life that somehow, sort of, relates back to cybersecurity. 

Last month, I took a modified approach: There was a story, but it was business-related.

Interestingly, and compared to my typical newsletters, there were two significant differences:

#1. Fewer Reader Responses

Normally, I get a handful of emails and texts about my newsletter. Last month, I got just one … from my mom.

Granted, she is among the handful of people I am most interested in pleasing. 

But if I’m being honest, I think her response was less about objective quality and more in the spirit of, “no matter what I do, good or bad, mom sends a supportive text.” (Love you, mom!)

#2. More LinkedIn Engagement 

My LinkedIn audience loves anything in the vicinity of cybersecurity compliance tools. Last month’s newsletter was a direct hit; it generated thousands of views – many more than normal.

Different Audiences Want Different Things

In general, I have two types of readers – things resonate differently with each of them.

The newsletter crowd, even the technical folks, will often talk to me about the personal stories: my kids, youth basketball, ski boots, plumbers, vacations, and the like. Rarely do they bring up the cybersecurity part. 

The LinkedIn crowd is all about utility: “Give me useful information.”

Different audiences, different interests and objectives.

Cybersecurity training works the same way. Across your organization, your people have varying responsibilities and degrees of technical knowledge. They want and need different things. 

Trying to reach them all in the same way with the same information doesn’t work very well. The trick is finding the right mix.

Everyone Needs the Basics

There are some fundamentals everyone needs to know and be reminded of: Don’t click on things like this. Make sure passwords are unique. If it sounds too good to be true, it probably is.

For these kinds of things, we recommend using Learning Management Software (LMS). This covers the basics well and allows employees to review them at their own pace and at whatever frequency you specify. This is helpful both for new employees and as a periodic reminder for those already onboard.

And by the way, you may assume your tech people don’t need this simple stuff. But all humans can be lured into doing dumb things. The best fraudster with an even modest amount of personal information can defeat even an experienced, capable employee. Reminders in the form of training go a long way in maintaining awareness.

Custom Needs Demand Custom Training

Beyond the basics, the needs become much less uniform – things a generic LMS can’t provide.

You may need training based on your company’s specific processes or policies: Here are three things you need to know about the new guidelines we just rolled out.

Maybe there was a recent incident you want to highlight to prevent it from happening again: Don’t buy gift cards for your “boss” without first checking with your actual boss.

These are examples of things that tend to be super-specific to your environment or a moment in time. No two sessions are the same.

And, of course, people with more specialized jobs need cybersecurity training related to their work, whether that’s handling of company funds, adhering to regulatory rules, managing customer data, or something else. 

It’s Always a Balancing Act

In a perfect world, each person would get exactly the cybersecurity training they need (and no more), at the right time and in the right format. That’s never going to happen.

Instead, cybersecurity training requires tradeoffs – offering the least common denominator across the board and breaking out individuals or groups beyond that based on function and sophistication.

It will never be perfect, but it’s way better than one-size-fits-all!

Now if you’ll excuse me, my mom just texted and I don’t like to keep my one and only superfan waiting.



Rob Black
Rob founded Fractional CISO in 2017 and has helped dozens of mid-size SaaS and technology companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).
