SECURITY AWARENESS, TRAINING & COMMS
Drive Security Culture and Awareness Using a Mix of Traditional and Innovative Methods
Security Awareness Training Selection and Implementation
End-user-focused security education and training is necessary to minimize human risk and influence the security behaviors of employees. Selecting and implementing the right security awareness program requires an in-depth understanding of an organization’s risk assessments and company culture. To build or select the training that will resonate most with staff, MorganFranklin will find the right fit for a team by examining vendors or training programs that already exist or, if necessary, creating a custom training program. It may even be most efficient and cost-effective to work with multiple third-party vendors to deliver the most relevant and customized program, one that speaks to each level of employee and their specific roles/encounters within an organization.
Taking Employee Awareness & Training One Step Further
There are many types of traditional training to choose from, including classroom, online, computer-based training (CBT), and phishing campaigns. MorganFranklin takes these training types a step further, approaching security awareness with innovative training and learning methods that make the process incentivizing, fun, and engaging for employees. The more employees learn and understand the reasoning behind the company’s security program, the more engaged they become, the more likely they are to abide by its policies, and the more comfortable they feel about reporting incidents, becoming part of the solution rather than being considered the weakest link. Topics covered include: phishing, desktop security, password security, malware, and wireless network connections.
Establish A Security Awareness Training Cycle
Managing security risks is a responsibility of the entire organization, and every employee should be educated on how to protect their organization against threats. MorganFranklin will develop a security operating model that enables the Information Security team to collaborate with the business and to communicate and eradicate cybersecurity issues effectively, together with the C-suite.
Organizations should consider moving away from efforts driven solely by regulation/compliance and approaching security proactively through risk-based decisions. It’s also beneficial for businesses to frequently practice engaging with external partners in order to share and analyze information and collaborate on best defenses.
Changing a department’s mindset from achieving standard compliance to identifying proactive strategic decisions, while maintaining daily functions, can be overwhelming. MorganFranklin offers support and guidance in this transition, providing resources, collaboration, and structure along the way. Our goal is to influence and empower the internal team by providing unbiased and refreshed thinkers and problem solvers, enabling cross-functional collaboration, and delivering robust security models, programs, and procedures.
Executive Cyber Training
Executives and leaders face a different set of challenges when it comes to security training. Let MorganFranklin identify those unique requirements and set executives up with concise and relevant information geared specifically towards their interests: operating a secure business, recovering quickly from disruption, effective incident response, traveling with security in mind, and actively communicating cyber risks within the organization.