IT pros know the drill: Offering security training for end users is critical because it’s often their mistakes that lead to data breaches. But too often, companies don’t focus their security awareness efforts where it has the biggest impact:
With the company’s executives.
Top-level leaders are the ones with access to the most sensitive financial data and other corporate information. They’re also the most visible people in the organization, making them the top targets for social engineering and spear phishing attacks.
And executives are the people in the company most likely to be working with mobile devices.
The bottom line: There are a lot of ways top brass can accidentally expose sensitive information to cyber criminals.
However, rather than focusing the most on that group when it’s for security awareness training, many IT departments let executives off the hook.
It makes sense, since those are the people with the most clout and who are most likely to use the excuse that they have more important things to do.
But it doesn’t have to be that way. Here are some tricks IT can use to get more executives on board with security training:
1. Make it exclusive
Often, executives shun security training because they believe they shouldn’t be treated the same as every other employee. IT can turn the tables by showing them that they are different — and that cyber criminals will view them differently, too.
Instead of having executives sit in on a general training session, it could have more of an impact if they get their own sessions focused on the threats they’re most likely to face.
2. Get an ally
Finding an ally in one of the company’s executives is important for getting the security message through to any users — but it’s even more critical when the users are other executives.
In many cases, the best person to target is the CFO — after all, security attacks can be a huge drain on the company’s bottom line, so that can be used to get the top Finance exec on board.
3. Give them a test
Even more so than other users, executives might think they don’t need security training because they already know everything.
One good way to get to past that attitude is to test their IT security knowledge with a quiz beforehand. That will also help IT choose what to focus on during the training.