Corporate Compliance Insights

5 Tips to Gain Compliance on Your Compliance Training

A company’s cybersecurity program is only as strong as the workers who support it

by Stu Sjouwerman
October 12, 2022
in Compliance, Cybersecurity

We know that compliance doesn’t necessarily equal security and that training employees is vital to preventing cyber attacks. But a poorly trained worker is the same as one not trained at all, and in too many tech companies, training isn’t exactly exciting or inspiring. As Stu Sjouwerman explores, there are simple-but-effective methods to get everyone on board for security compliance training.

Several high-profile companies this year — Cisco, Microsoft, Mailchimp and most recently Uber — fell victim to social engineering and phishing scams, even though most of these tech companies have the best cybersecurity teams and infrastructure on the planet. The reality is that businesses can deploy all the security tools they want, but human behavior will always remain the weakest link. 

Thankfully, there’s a way to manage this. Studies show security awareness training can reduce the susceptibility to phishing, and most cybersecurity regulations mandate organizations to impart some form of security training to employees. That said, we all know that compliance training is often dull and uninspiring. In fact, employees who receive poor training are almost indistinguishable from those who have received no training at all. So how can organizations do better with cybersecurity training? Here are five tips that can help:

1. Get leadership buy-in

If you want employees to care about your training, you must first get leaders to care about it. Engage leadership by talking about historical incidents that resulted in near-misses. Share stories from your industry and how effective training saved the day. When you present the plan, include options, recommendations, timelines and deadlines. Instead of using technical mumbo jumbo, speak in a language the business comprehends. Metrics on average attendance, frequency, completion rates, phish-prone percentages, number of incidents, incidents reported by employees, etc., can help build a strong pitch and spark interest and participation from leadership teams.

2. Focus on reporting and visibility

It’s critical that security and compliance teams track and report training activities, as this can demonstrate progress and build trust and visibility into the program. Have a firm due date in place for training and report people who do not complete it in time. When managers encounter team members who do not complete their training, ensure you document it, including the reason why they did not complete it. Try creating tailored dashboards for different groups, managers and leaders and report at periodic intervals. Use tools that allow self-service views of who has completed training, who has not and who are repeat offenders. Present your key observations at leadership meetings to build visibility so leaders are aware of the progress and the challenges.

3. Gamify your program

Gamification is one of the best ways to make training more engaging and effective. Studies show that employees who receive gamified training feel more motivated compared to those that receive non-gamified training. Gamifying a program is easy. Badges, ribbons, points or challenges can go a long way in motivating employees. Break people up into teams, use dashboards or leaderboards to highlight and display user progress and create competitive spirit amongst participants. Provide exclusive advantages, a gift card, a meal coupon, a preferred parking spot on campus, etc. Employees that complete their training early can gain entry to a raffle, a door prize or a giveaway contest. 

4. Mix up your content

If you do the same thing every year, don’t expect a different result. It can be annoying and demotivating to go through the same information and format. Make the content more engaging by making it more personalized using real-world examples that are relevant to the employee’s roles and responsibilities. Mix up content using classroom exercises, phishing tests and simulations. Try using focus groups with participation from influential staff who may not necessarily be leadership but whose voices are trusted and respected within the organization. Finally, don’t forget to measure results, look for improvements based on feedback and fine-tune the program using content that best fits your audience. 

5. Standardize systems and approach

A standardized systems approach can go a long way to making things simpler for users, which is going to have a direct impact in terms of engagement, participation and completion rates. In other words, you don’t want people using multiple systems. If there is a link to the policy somewhere, you should link that policy within your training. If the system supports single sign-on, participants can easily bounce over to that, read the policy, attend training, take the quiz and get the completion credit. Brand the program so that it looks professional, authentic and feels like a critical part of the organization. 


Stu Sjouwerman is founder and CEO of KnowBe4 [NASDAQ: KNBE], developer of security awareness training and simulated phishing platforms, with 41,000 customers and more than 25 million users. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses.” He can be reached at ssjouwerman@knowbe4.com.
