WEBVTT

00:00:00.000 --> 00:00:07.077 align:middle line:90%


00:00:07.077 --> 00:00:08.660 align:middle line:84%
In this video, we're
talking about why

00:00:08.660 --> 00:00:11.002 align:middle line:84%
employee training is
important, and we'll also

00:00:11.002 --> 00:00:11.835 align:middle line:90%
be giving some tips.

00:00:11.835 --> 00:00:14.530 align:middle line:90%


00:00:14.530 --> 00:00:19.120 align:middle line:84%
So according to Varonis
Cyber Security for 2020,

00:00:19.120 --> 00:00:25.120 align:middle line:84%
hackers attack every 39 seconds,
on an average of 2,244 times

00:00:25.120 --> 00:00:26.680 align:middle line:90%
a day.

00:00:26.680 --> 00:00:29.730 align:middle line:84%
Data breaches exposed
4.1 billion records

00:00:29.730 --> 00:00:31.320 align:middle line:90%
in the first half of 2019.

00:00:31.320 --> 00:00:34.050 align:middle line:84%
And the average cyber
security spending per employee

00:00:34.050 --> 00:00:36.853 align:middle line:90%
is $1,178.

00:00:36.853 --> 00:00:38.520 align:middle line:84%
Now those are pretty
staggering numbers.

00:00:38.520 --> 00:00:41.040 align:middle line:90%


00:00:41.040 --> 00:00:46.491 align:middle line:84%
Now your employees deal with
a lot of things every day,

00:00:46.491 --> 00:00:48.600 align:middle line:84%
between the social
engineering attacks,

00:00:48.600 --> 00:00:52.170 align:middle line:84%
phishing and spear phishing,
cold calls where people might

00:00:52.170 --> 00:00:54.840 align:middle line:84%
try to social
engineer in person,

00:00:54.840 --> 00:00:58.710 align:middle line:84%
and also the unwitting
insider attack.

00:00:58.710 --> 00:01:02.790 align:middle line:84%
Now training is going to be
key in helping circumvent this.

00:01:02.790 --> 00:01:06.570 align:middle line:84%
But the problem with training is
we can't make it too confusing.

00:01:06.570 --> 00:01:08.070 align:middle line:84%
If the training
is too confusing,

00:01:08.070 --> 00:01:11.600 align:middle line:84%
your employees are likely
to either misunderstand

00:01:11.600 --> 00:01:13.770 align:middle line:84%
what you're trying
to communicate out,

00:01:13.770 --> 00:01:16.110 align:middle line:90%
and/or ignore it.

00:01:16.110 --> 00:01:18.360 align:middle line:84%
If you make it too
boring, your employees,

00:01:18.360 --> 00:01:21.600 align:middle line:84%
again, are probably not going
to pay too close attention

00:01:21.600 --> 00:01:24.810 align:middle line:84%
and again ignore what
you're trying to teach them.

00:01:24.810 --> 00:01:27.990 align:middle line:84%
Now if you make it
too dumbed down,

00:01:27.990 --> 00:01:30.850 align:middle line:84%
they could find it patronising
or too restrictive.

00:01:30.850 --> 00:01:32.580 align:middle line:84%
And then you're going
to get backlash.

00:01:32.580 --> 00:01:34.080 align:middle line:84%
And again, they're
not really going

00:01:34.080 --> 00:01:36.135 align:middle line:90%
to engage in that training.

00:01:36.135 --> 00:01:38.840 align:middle line:90%


00:01:38.840 --> 00:01:43.480 align:middle line:84%
So in figuring out, we need to
consider a few different things

00:01:43.480 --> 00:01:44.330 align:middle line:90%
here.

00:01:44.330 --> 00:01:46.240 align:middle line:84%
We need to assess
where our users can

00:01:46.240 --> 00:01:48.630 align:middle line:90%
help us secure our network.

00:01:48.630 --> 00:01:51.380 align:middle line:84%
After all, there tends
to be a lot more users

00:01:51.380 --> 00:01:54.760 align:middle line:84%
than there are,
say, IT personnel

00:01:54.760 --> 00:01:56.725 align:middle line:90%
to secure your network.

00:01:56.725 --> 00:01:58.600 align:middle line:84%
We need to determine
where we need to improve

00:01:58.600 --> 00:02:01.475 align:middle line:90%
our own security posture.

00:02:01.475 --> 00:02:03.600 align:middle line:84%
We should determine, if
possible, how knowledgeable

00:02:03.600 --> 00:02:06.080 align:middle line:84%
our users are so we could
actually structure our training

00:02:06.080 --> 00:02:09.718 align:middle line:90%
to that as much as possible.

00:02:09.718 --> 00:02:12.010 align:middle line:84%
We need to determine how much
time our training will be

00:02:12.010 --> 00:02:14.590 align:middle line:84%
and where they're
going to take it.

00:02:14.590 --> 00:02:20.030 align:middle line:84%
How our users train will be
online, in person, off site.

00:02:20.030 --> 00:02:23.180 align:middle line:84%
How do we keep our users engaged
and willing to participate?

00:02:23.180 --> 00:02:27.170 align:middle line:84%
And also, with the training,
are we going to do it in-house,

00:02:27.170 --> 00:02:30.010 align:middle line:90%
or are we going to outsource it?

00:02:30.010 --> 00:02:33.850 align:middle line:84%
Now one method that's
popular is gamification.

00:02:33.850 --> 00:02:37.910 align:middle line:84%
And the people that you
train don't necessarily

00:02:37.910 --> 00:02:40.310 align:middle line:84%
have to be, say,
hardcore gamers.

00:02:40.310 --> 00:02:42.380 align:middle line:84%
A lot of people are
even casual gamers

00:02:42.380 --> 00:02:44.360 align:middle line:84%
playing things like
Words with Friends,

00:02:44.360 --> 00:02:48.800 align:middle line:90%
or Candy Crush, stuff like that.

00:02:48.800 --> 00:02:53.570 align:middle line:84%
Gamifying your training
can make it fun, engaging.

00:02:53.570 --> 00:02:55.820 align:middle line:84%
And ultimately, that's
what you need to do.

00:02:55.820 --> 00:02:59.180 align:middle line:84%
You need to capture your
audience's attention.

00:02:59.180 --> 00:03:02.000 align:middle line:84%
So that's where gamification
can come in handy.

00:03:02.000 --> 00:03:03.830 align:middle line:84%
Now tips for
gamification - there's

00:03:03.830 --> 00:03:08.140 align:middle line:84%
a lot of things online that
kind of discuss gamification.

00:03:08.140 --> 00:03:10.700 align:middle line:84%
Also, there's
third-party companies

00:03:10.700 --> 00:03:17.300 align:middle line:84%
that will help gamify, say
cyber security training for you.

00:03:17.300 --> 00:03:19.610 align:middle line:84%
Protecting your own
investments and ownership.

00:03:19.610 --> 00:03:22.100 align:middle line:84%
Now also explain
to your employees

00:03:22.100 --> 00:03:25.130 align:middle line:90%
that you work for this company.

00:03:25.130 --> 00:03:28.020 align:middle line:90%
You help make up this company.

00:03:28.020 --> 00:03:32.270 align:middle line:84%
And if something happens in a
company, it affects you also,

00:03:32.270 --> 00:03:34.700 align:middle line:84%
something like a ransomware
attack, a ransomware

00:03:34.700 --> 00:03:37.220 align:middle line:84%
attack where the company has
to pay a lot of money out.

00:03:37.220 --> 00:03:43.860 align:middle line:84%
That may result in lost wages,
lost employment, and whatnot.

00:03:43.860 --> 00:03:47.580 align:middle line:84%
So explaining to your employees
that we're all part of this

00:03:47.580 --> 00:03:52.970 align:middle line:84%
together can help make
things a lot easier

00:03:52.970 --> 00:03:55.580 align:middle line:84%
for an employee to
understand that, well, I

00:03:55.580 --> 00:03:56.430 align:middle line:90%
need to participate.

00:03:56.430 --> 00:03:58.040 align:middle line:84%
I need to protect
my own investment.

00:03:58.040 --> 00:04:02.510 align:middle line:84%
I need to protect my own job
by helping out the company.

00:04:02.510 --> 00:04:05.450 align:middle line:84%
Not so much telling
people that, well,

00:04:05.450 --> 00:04:08.450 align:middle line:84%
if you fail to report a
cyber security incident

00:04:08.450 --> 00:04:11.510 align:middle line:84%
or you accidentally create
a cyber security problem,

00:04:11.510 --> 00:04:13.601 align:middle line:90%
we're going to fire you.

00:04:13.601 --> 00:04:17.550 align:middle line:84%
I don't personally think
that's a good posture to take.

00:04:17.550 --> 00:04:21.040 align:middle line:84%
But again, telling an employee
that, well, we're all in this

00:04:21.040 --> 00:04:21.540 align:middle line:90%
together.

00:04:21.540 --> 00:04:22.760 align:middle line:90%
We all work here together.

00:04:22.760 --> 00:04:25.430 align:middle line:84%
We all help make this
company, so we all

00:04:25.430 --> 00:04:27.470 align:middle line:84%
need to take our
part to help protect

00:04:27.470 --> 00:04:31.520 align:middle line:90%
it is a better route to go.

00:04:31.520 --> 00:04:35.000 align:middle line:84%
Now rewarding employees with a
tangible reward or recognition

00:04:35.000 --> 00:04:36.928 align:middle line:90%
can also go a long way too.

00:04:36.928 --> 00:04:38.720 align:middle line:84%
Now the tangible reward
doesn't necessarily

00:04:38.720 --> 00:04:40.760 align:middle line:84%
have to be anything
really expensive.

00:04:40.760 --> 00:04:44.970 align:middle line:84%
It could be, say, a
plaque or whatnot.

00:04:44.970 --> 00:04:48.330 align:middle line:84%
And recognition-wise, giving
an employee recognition,

00:04:48.330 --> 00:04:50.820 align:middle line:84%
say if you have a newsletter,
you put out a newsletter

00:04:50.820 --> 00:04:53.520 align:middle line:84%
and say, hey, so-and-so was
able to catch this really

00:04:53.520 --> 00:04:57.270 align:middle line:84%
nasty phishing email that
could've potentially cost us

00:04:57.270 --> 00:05:00.420 align:middle line:84%
tens of thousands,
$100,000 or whatnot.

00:05:00.420 --> 00:05:03.060 align:middle line:84%
And we really appreciate
what they did.

00:05:03.060 --> 00:05:05.430 align:middle line:90%
Great job catching this.

00:05:05.430 --> 00:05:09.470 align:middle line:84%
Thanks for helping out,
and we look forward

00:05:09.470 --> 00:05:12.290 align:middle line:84%
to who's going to be
the next person that's

00:05:12.290 --> 00:05:15.565 align:middle line:84%
going to be our security
champion, something like that.

00:05:15.565 --> 00:05:16.940 align:middle line:84%
You make the
employees feel good.

00:05:16.940 --> 00:05:18.800 align:middle line:90%
You get them engaged.

00:05:18.800 --> 00:05:21.380 align:middle line:84%
You might even get a little bit
of competition between people

00:05:21.380 --> 00:05:23.510 align:middle line:84%
that, oh, hey,
such-and-such got an award.

00:05:23.510 --> 00:05:24.440 align:middle line:90%
They got recognition.

00:05:24.440 --> 00:05:25.820 align:middle line:90%
OK, I'm going to go for that.

00:05:25.820 --> 00:05:28.760 align:middle line:84%
I'm going to see if I
could get recognition

00:05:28.760 --> 00:05:30.680 align:middle line:90%
next month for this.

00:05:30.680 --> 00:05:34.130 align:middle line:84%
Things like that could
help your cyber security

00:05:34.130 --> 00:05:37.550 align:middle line:90%
posture and your training.

00:05:37.550 --> 00:05:39.440 align:middle line:84%
Now in wrapping up,
training employees

00:05:39.440 --> 00:05:42.320 align:middle line:84%
is a vital way to help
secure your network.

00:05:42.320 --> 00:05:45.620 align:middle line:84%
Your trainings need to
be engaging, informative,

00:05:45.620 --> 00:05:49.280 align:middle line:84%
intrinsically tailored to
the user as much as possible.

00:05:49.280 --> 00:05:51.470 align:middle line:84%
Teaching a user about
account provisioning

00:05:51.470 --> 00:05:54.270 align:middle line:84%
is not too useful for the
custodian, for example.

00:05:54.270 --> 00:05:56.330 align:middle line:84%
So you do want to make
sure that it's actually

00:05:56.330 --> 00:06:01.770 align:middle line:84%
tailored for what they need to
know and how they could help.

00:06:01.770 --> 00:06:05.400 align:middle line:84%
Making sure your trainings
are not too confusing, boring,

00:06:05.400 --> 00:06:07.650 align:middle line:84%
or it's going to interfere
with the employee's ability

00:06:07.650 --> 00:06:10.960 align:middle line:84%
to work efficiently
is really important.

00:06:10.960 --> 00:06:14.520 align:middle line:84%
And thinking differently,
gamification, recognition,

00:06:14.520 --> 00:06:16.890 align:middle line:84%
could be a simple way
to engage your employees

00:06:16.890 --> 00:06:19.810 align:middle line:90%
and keep them engaged.

00:06:19.810 --> 00:06:21.417 align:middle line:84%
So this was about
employee training.

00:06:21.417 --> 00:06:23.250 align:middle line:84%
In the next video, we're
going to be talking

00:06:23.250 --> 00:06:25.920 align:middle line:84%
about why you need to strike
a balance between security

00:06:25.920 --> 00:06:27.690 align:middle line:90%
and ease of use.

00:06:27.690 --> 00:06:28.810 align:middle line:90%
Thank you for watching.

00:06:28.810 --> 00:06:30.920 align:middle line:90%
I'll see you in the next video.

00:06:30.920 --> 00:06:32.000 align:middle line:90%