Skip to main content
Web Content Viewer (JSR 286)
CNA Blog — From the Experts
From insurance trends to risk control to corporate social responsibility, CNA’s leaders know their business and are proud to use their expertise to help organizations succeed.

CNA Blog — From the Experts

Share this content via email or social networks
Published Monday, March 21, 2016

If You Think Cybersecurity Awareness Training is a One-Time Event, Think Again!

As a business owner, regardless of your size, it's critical to promote frequent cybersecurity awareness training. Contrary to popular belief, security awareness training is not a one-time, or even an annual, event. Cybersecurity awareness training should begin during the hiring phase and continue throughout your employees' tenure with the company.

Consider the following key points when developing and administering your cybersecurity awareness program:

  • Include your written security policies and track policy updates in your training.
  • Require ongoing training; effective awareness training is continual.
  • Require participation at all levels of the organization; when senior management takes measurable actions to ensure ongoing training occurs, the entire organization takes notice.
  • Ensure training messages permeate the entire organization; engage those who influence and will help nurture the success of the program.
  • Understand your target audience; craft your training to meet your targeted group.

It's important to note that individuals within an organization learn in different ways. To help your employees make the most of their training experience, it's good practice to design training activities that appeal to one or more of the seven primary styles:

  • Visual. Rely on pictures, images, spatial understanding and visualization.
  • Auditory. Prefer using sound and music.
  • Read-write. Prefer using words, both in speech and writing.
  • Kinesthetic. Utilizes the body, hands, sense of touch.
  • Logical. Ability to understand the underlying principle.
  • Social. Communicate effectively and empathize with others; enjoy open discussion.
  • Solitary. Self-reflective; understand personal strength and weakness.

For instance, feel free to add visuals, discussion, movement, slogans or mnemonics and personal connections to the content.

Since it's recommended that training is conducted as often as possible, here are some effective strategies you can use to promote the message:

  • Include your security message in a regular newsletter or on your company intranet site.
  • Consider special events to promote a certain emphasis.
  • Don't hesitate to reuse successful campaigns from the past.
  • Draw on credible outside resources when available; sometimes the outside source may be received more clearly.
  • Apply game principles to your business problems.
    • Encourages participation and voluntary knowledge seeking.
    • Focuses on behaviors.
    • Rewards goal attainment.
    • Properly applied gamification will help reverse the stigma of mandatory training (check the box) and helps to properly promote a required event.

Always try to keep it short and simple. Research shows that the average adult can focus on a single thing for no more than 20 minutes before they need to refocus. Message retention comes from continuous learning, which is why training sessions on cybersecurity awareness should occur as frequently as possible. 

By implementing these tips, you'll be one step closer to building an organization that can successfully reduce the risk of a cyber-attack.

One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.
One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.

By visiting our web site,you accept the terms and conditions as described in our Terms of Use.

Privacy Center | Conflict of Interest | Licensing Disclosure | General Disclaimer | Sitemap

"CNA" is a service mark registered by CNA Financial Corporation with the United States Patent and Trademark Office. Certain CNA Financial Corporation subsidiaries use the "CNA" service mark in connection with insurance underwriting and claims activities. Copyright © 2022 CNA. All rights reserved.

/web/guest/cna/from-the-experts/authorbio/blogdetails Cybersecurity Awareness Training | CNA Z6_40KKTL4U2REB90AH8FND8R00T6 /CNA /ListofAuthors /AuthorDetails /IndividualBlogDetails