For many organizations, security awareness and training programs have progressed from being a “maybe” to a “must” as a result of high-level national and regional mandates. Regulatory bodies are looking past technical safeguards and acknowledging the need to manage the human element of cybersecurity risk.
In addition to regional requirements, many industries are bound by laws and regulations related to cybersecurity. Our assessment, education, and reinforcement tools can help satisfy the security awareness and training objectives outlined in standards like the following:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
- Gramm-Leach-Bliley Act
- PAS 555 Cyber Security Risk Governance and Management Specification
Many of our customers use our Continuous Training Methodology to assess and educate their end users about industry- and organization-specific rules and protocols in addition to everyday cybersecurity best practices. The sections below outline some of the products, resources, and administrative tools that can be used to support your compliance training efforts.
Using CyberStrength®, you can assess your employees’ understanding of the basic principles behind compliance initiatives and how their actions can impact your organization’s legal obligations. Create your own mix of questions from our library of 150+ questions, write your own questions, or use one of our three compliance-related Predefined CyberStrength assessments: Protected Health Info, Payment Card Industry, and Protecting Personal Data. Our predefined assessments help streamline the administrative process and allow you to use Auto-Enrollment to automatically assign follow-up training to users who don’t exhibit a clear understanding of the topic.
Education is key to changing employee behaviors and enabling long-term risk reduction, and our interactive training modules give your employees the opportunity to apply the principles related to compliance. This hands-on approach allows them to see the ways their actions can positively and negatively impact the safety and security of customers, clients, and fellow employees.
Our modules average 10 to 15 minutes in length, and they are available on demand to give administrators and users more flexibility. Global organizations will appreciate the opportunity to deliver training in more than 25 languages. Plus, in addition to our purpose-written, research-based educational content, our Training Jackets allow you to add custom content to the beginning and end of each module. Remind users about organizational policies, attach a training completion certificate, include a policy acknowledgement screen, and more.
To effectively reduce risk and support compliance throughout your organization, we suggest licensing one or more of the following compliance-related modules (as appropriate for your industry) to help your end users understand their responsibilities and the penalties they may face for negligent behavior:
- Protected Health Information – This interactive module explains the tenets of PHI (including the 18 PHI identifiers) and educates your employees about why and how they should safeguard PHI to meet HIPAA, HITECH, and the Omnibus Rule. Users will also learn about the mandates that govern PHI, the primary components of compliance, and best practices for using, disclosing, transmitting, and storing PHI.
- Payment Card Industry Data Security Standard (PCI DSS) – Use this training to teach employees how to recognize threats and improve the overall security of payment card data. Users will learn the PCI DSS requirements, best practices for managing records and accounts, and how to recognize and act on security breaches.
- Personally Identifiable Information (PII) – This module teaches employees best practices for handling, storing, and sharing PII. They will learn the different types of PII; guidelines for identifying, collecting, and using PII; and the fundamental actions to take in the event of a PII breach. The training is interactive and covers techniques for improving the overall security of PII.
- Data Protection and Destruction – Though this module is not tied to a specific standard, it could be a valuable addition to your compliance training initiatives. Ideal for organizations that store and discard a vast amount of sensitive personal data, this training helps your employees learn how to properly manage physical files, documents, and portable storage media, as well as technical safeguards for electronic devices and files. We also teach users about techniques for properly disposing of and destroying confidential data.
Because cybercriminals continue to become more sophisticated, it’s critical to keep reinforcing best practices to improve retention. We recommend organizations use our PhishAlarm® email reporting tool and our portfolio of Security Awareness Materials to make the most of their awareness and training efforts.
Our PhishAlarm email client add-in enables your employees to report a suspected phishing email with a single mouse click. Users who report a suspicious message are immediately rewarded with a "thank you" pop-up message or an email that encourages this behavior in the future. You can add PhishAlarm Analyzer to prioritize reported messages and streamline response and remediation.
Our Security Awareness Materials are visible reminders of best practices learned. We offer a wide selection of posters, images, articles, and giveaways that complement our assessment and training products to deliver clear, consistent messaging and keep cybersecurity top-of-mind year round.
By continuing to emphasize best practices and encourage good behaviors, you can reduce your vulnerability to attack.
Measure and Analyze Results
Measurement is a key component of all our security awareness and training products because tracking and analysis provide value on many levels, including identification of ROI.
We offer a range of detailed reports that give you broad and granular insights into the results of your assessments and training. Analysis tools help you determine which mock attack to send next and the areas in which your users are likely to benefit from additional education.