Find and Assess Your "why" for Security Awareness
January 6, 2023
As we enter 2023, it is a good time to take stock of activities, assess what is working and what is not working, and prioritize for the year and beyond. This is a common practice to categorize current initiatives and activities as either things to stop or continue. In some cases, this evaluation results in starting new activities. If you run a security awareness program, this is a process you should run on a regular, at least annual, basis.
Security awareness training is an important aspect of any company's security strategy. It’s required by almost every privacy and compliance framework or regulation. Last year, we discussed why companies do security awareness training. We listed three primary reasons why a company would have a security awareness program.
Or, you could be more granular about the reasons to do security awareness. Below are several common reasons companies cite for why they invest in security awareness training for their employees:
Security awareness training is an important investment for any company. Why are you doing it? Which of the above reasons aligns with your goals for security awareness training?
Though we believe at Haekka that the goal of security awareness should be to help employees defend against attackers and to level the playing field against attackers, each company needs its own why. You then use your why to decide if the security awareness activities they are undertaking are achieving that why.
If you do security awareness training because you simply have to check the box for audits and to close deals, then it makes sense to ensure the necessary training is getting done annually and that you have the evidence you need to pass your audits and satisfy your customers. We suggest using free security awareness training for this; if you have 1,000 employees or less, Haekka offers a 100% free plan that includes our Slack app and the security awareness training you need to pass almost any audit.
If you do security awareness to reduce your risk, choose a more feature-rich human risk platform. These platforms help target training to the areas, and people, in your company that are at the highest risk.
If you do security awareness training to empower your users to defend against attacks, then connect with them. Treat them as partners and work together to protect them, and by extension your company, against attackers. This connection between security and employees requires more than security awareness training and phishing simulations.
No matter your reason for doing security awareness, stepping back to evaluate if your current approach and spending address your why is worthwhile regular exercise.
Schedule a demo
Get started with a free trial by scheduling a demo today. One of our training experts will walk you through a live Haekka demo.