Yawn. I’ve been here for six hours and all I’ve seen so far is someone who cut their finger slicing potatoes and someone who burned themselves trying to fry a turkey. What a lame Thanksgiving. I thought my first time working a holiday at a prestigious hospital would be more eventful than this. Time to play some web games…
CRUD!!! Oh no. No no no no no. I’m in trouble!! I need to call the helpdesk before this gets really bad…
Mistakes like this happen every day and can lead to serious attacks. The story above, about an employee playing web games, is based on a true story; fortunately, the ransomware was safely quarantined. Unfortunately, the employee was fired.
As humans, sometimes we make poor decisions that lead to malware attacks, choose easily decipherable passwords, or fall victim to a clever phishing scam. These are all things that good security awareness training programs can prevent.
The Importance of Security Awareness Training
We all know that healthcare organizations must provide Security Awareness Training (SAT) so that employees learn how to identify, prevent, and report potential security events, but some programs are more effective than others.
SAT has evolved tremendously over the years. It’s no longer a “check the box” training. The best programs use engaging, personalized storytelling, and change human behavior by offering content that’s memorable – because that’s how people remember and retain information best.
A good SAT is also built to increase adoption and minimize training fatigue. Sitting down for a 30-60 minute training isn’t ideal, so aim for short, 5-7 minute trainings once a month.
Gone Phishing
Even the most robust email filters on the market can’t block everything – phishing emails can still get through.
Recurring training is essential so employees can recognize and report potential security threats. Provide training regularly – at least quarterly, but preferably monthly – to help ensure cyber safety is part of your organization’s culture. This will instill confidence in employees’ choices and habits, and they’ll feel included in protecting the safety of the entire organization.
Benefits of Managed Security Awareness Training
Rolling out and managing an effective security awareness training program can be extremely time-consuming and costly when done in-house, not to mention the strain (and potential turnover) it places on analysts within the organization, who must constantly monitor and administer phishing results and employee reports of possible threats.
Many healthcare organizations have shifted to outsourcing the management of their security awareness training as a way to increase adoption rates, decrease workload, and motivate employees to become engaged in a culture of cybersecurity awareness – all for a fraction of the cost the organization would pay to manage it on their own.
To gain insight into how to build the cybersecurity culture you want and need, check out our on-demand webinar, The Art & Science Behind a Strong Cybersecurity Culture.